Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3.
Published: 2026-01-10
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via out‑of‑bounds read and crash
Action: Patch
AI Analysis

Impact

CryptoLib’s base64urlDecode strips trailing '=' padding by reading input[inputLen - 1] before it verifies that the input pointer is non‑NULL and that inputLen is greater than zero. For an empty Base64url string (inputLen == 0) the index inputLen - 1 evaluates to -1 (or wraps to its maximum value if the length is unsigned), so the read lands one byte before the buffer: an out‑of‑bounds read (CWE‑125). For a NULL pointer with zero length the read targets address NULL - 1, which is not mapped. Either case can terminate the process, so the practical impact is denial of service of whatever component hosts the library. The CVE text describes a crash only; it does not describe code execution or disclosure of memory contents.

Affected Systems

The issue exists in versions of NASA’s CryptoLib prior to 1.4.3. All installations running CryptoLib 1.4.2 or earlier are susceptible. The fix is applied in release 1.4.3.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) gives a base score of 4.7 (Medium): the input is assumed to arrive over the network with low attack complexity, but the attacker is rated as needing high privileges, and the confidentiality, integrity and availability impacts are each rated low. The EPSS score below 1% indicates a very low estimated probability of exploitation in the wild in the near term, and the issue is not in CISA’s KEV catalog, so no active exploitation is known; the SSVC record in the history below likewise marks exploitation as 'none' and the issue as not automatable. Triggering the bug requires getting an empty (zero‑length) or NULL Base64url value into base64urlDecode, which is plausible wherever the library decodes untrusted input such as telemetry, command, or configuration data. Checking input != NULL and inputLen > 0 before the padding is stripped, the condition that version 1.4.3 patches, removes the crash; the same guard can be applied in calling code until the upgrade is made.

Generated by OpenCVE AI on April 18, 2026 at 07:21 UTC.

Remediation

Fixed in CryptoLib 1.4.3 according to the CVE description; no separate vendor workaround is published. Until the upgrade is applied, rejecting NULL or zero‑length input in the caller before base64urlDecode is invoked (see the recommended actions below) is the practical interim mitigation.

OpenCVE Recommended Actions

  • Upgrade CryptoLib to version 1.4.3 or later to apply the patch that removes the out‑of‑bounds read.
  • If an upgrade is not feasible, modify the calling code to validate that the input string length is greater than zero and that the input pointer is not NULL before invoking base64urlDecode.
  • Add error handling around CryptoLib’s decoding functions and check their return codes, so that malformed or empty input is rejected with an error rather than being passed through to the decoder.

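The fault described in the Impact section and the caller‑side guard from the recommended actions, shown together in an added example. This is illustrative C written for this page, not CryptoLib’s source: the names b64url_value, b64url_decode_body, base64url_decode_unchecked, base64url_decode_checked and decode_b64url_cstring are assumptions, and the unchecked variant reconstructs only the ordering the CVE text describes (the read of input[inputLen - 1] before the NULL/length check), not the rest of the real function. The strings used in the comments are constructed test inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative base64url decoder written for this page; not CryptoLib's code. */

/* Map one base64url character (RFC 4648 section 5 alphabet) to its 6-bit value,
 * or -1 for anything outside the alphabet ('+' and '/' are deliberately rejected). */
static int b64url_value(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '-') return 62;
    if (c == '_') return 63;
    return -1;
}

/* Decode 'len' already-unpadded base64url characters into out. Returns the number
 * of bytes written, or -1 on a bad character, impossible length, non-zero trailing
 * bits, or insufficient output space. Padding must have been stripped by the caller. */
static int b64url_decode_body(const char *in, size_t len, uint8_t *out, size_t cap)
{
    if (len % 4 == 1) return -1;                        /* no valid encoding has this length */
    size_t need = (len / 4) * 3 + (len % 4 ? len % 4 - 1 : 0);
    if (need > cap) return -1;
    uint32_t acc = 0; int bits = 0; size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        int v = b64url_value(in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;                 /* accumulate 6 bits per symbol */
        bits += 6;
        if (bits >= 8) { bits -= 8; out[o++] = (uint8_t)(acc >> bits); }
    }
    if (bits > 0 && (acc & ((1u << bits) - 1)) != 0) return -1;  /* reject non-canonical tail */
    return (int)o;
}

/* VULNERABLE ordering, reconstructed from the advisory text (hypothetical, not
 * CryptoLib's source): input[inputLen - 1] is read before inputLen > 0 or
 * input != NULL is checked. With inputLen == 0 this reads input[-1]; with
 * input == NULL it reads address (NULL - 1). Never call it with an empty input. */
int base64url_decode_unchecked(const char *input, size_t inputLen, uint8_t *out, size_t cap)
{
    while (input[inputLen - 1] == '=')                  /* BUG: dereference precedes bounds check */
        inputLen--;
    return b64url_decode_body(input, inputLen, out, cap);
}

/* HARDENED ordering: validate pointer and length first, and keep the length
 * check inside the stripping loop so an all-padding string cannot underflow. */
int base64url_decode_checked(const char *input, size_t inputLen, uint8_t *out, size_t cap)
{
    if (input == NULL || inputLen == 0 || out == NULL) return -1;
    while (inputLen > 0 && input[inputLen - 1] == '=')
        inputLen--;
    if (inputLen == 0) return -1;                       /* nothing but padding */
    return b64url_decode_body(input, inputLen, out, cap);
}

/* Caller-side guard of the kind the recommended actions describe (hypothetical
 * wrapper): reject NULL or empty C strings before the decoder ever sees them. */
int decode_b64url_cstring(const char *s, uint8_t *out, size_t cap)
{
    if (s == NULL || s[0] == '\0') return -1;
    return base64url_decode_checked(s, strlen(s), out, cap);
}
```

Building with -fsanitize=address and calling base64url_decode_unchecked with inputLen == 0 typically gets the one‑byte read before the buffer reported as a buffer overflow, whereas base64url_decode_checked returns -1 for the same input; the checked variant also rejects an all‑padding string, a non‑canonical tail, and characters from the standard (non‑URL) alphabet.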

Advisories

No advisories yet.

History

Thu, 15 Jan 2026 22:00:00 +0000

  • CPEs added: cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

Mon, 12 Jan 2026 21:15:00 +0000

  • Metrics added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 Jan 2026 14:45:00 +0000

  • First time appeared: Nasa; Nasa cryptolib
  • Vendors & Products added: Nasa; Nasa cryptolib

Sat, 10 Jan 2026 00:45:00 +0000

  • Description added: the CVE description shown at the top of this page
  • Title added: CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string
  • Weaknesses added: CWE-125
  • References
  • Metrics added: cvssV3_1 {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-12T20:23:08.304Z

Reserved: 2026-01-05T17:24:36.931Z

Link: CVE-2026-21899

Vulnrichment

Updated: 2026-01-12T20:22:58.538Z

NVD

Status : Analyzed

Published: 2026-01-10T01:16:18.113

Modified: 2026-01-15T21:45:24.500

Link: CVE-2026-21899

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T07:30:36Z

Weaknesses