Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.
Published: 2026-01-10
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Disclosure
Action: Apply Patch
AI Analysis

Impact

CryptoLib’s cryptography_encrypt function parses JSON metadata received from a KMC server. A flawed iteration using ptr + strlen(ptr) + 1 reads one byte past the buffer boundary for short or malformed strings, leading to an out‑of‑bounds heap read. This vulnerability is identified as CWE‑125 and carries a CVSS score of 8.2. The primary consequence is the potential exposure of sensitive data and possible software instability.

Affected Systems

The affected product is NASA’s CryptoLib, which implements the CCSDS Space Data Link Security Protocol for spacecraft and ground station communication. All releases prior to v1.4.3 are impacted. The patch was released in version 1.4.3 and is available via the official GitHub releases page.

Risk and Exploitability

The EPSS score is below 1%, indicating a low probability of exploitation. CryptoLib is not listed in the CISA KEV catalog, and no public exploits are currently known. Successful exploitation would require the attacker to control or influence the KMC server’s response to craft short or malformed metadata, enabling them to trigger the out‑of‑bounds read and potentially leak memory contents or cause a crash.

Generated by OpenCVE AI on April 18, 2026 at 16:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CryptoLib to version 1.4.3 or later.
  • Validate all JSON metadata before passing it to cryptography_encrypt, checking for unexpected length or format.
  • If an upgrade cannot be performed immediately, monitor KMC traffic for malformed responses and isolate the CryptoLib process from untrusted KMC inputs to mitigate potential memory disclosure.

Generated by OpenCVE AI on April 18, 2026 at 16:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 16 Jan 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 13 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Nasa
Nasa cryptolib
Vendors & Products Nasa
Nasa cryptolib

Sat, 10 Jan 2026 00:45:00 +0000

Type Values Removed Values Added
Description CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.
Title CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nasa Cryptolib
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T17:16:34.273Z

Reserved: 2026-01-05T17:24:36.931Z

Link: CVE-2026-21900

cve-icon Vulnrichment

Updated: 2026-01-13T17:16:22.892Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-10T01:16:18.263

Modified: 2026-01-16T16:46:47.517

Link: CVE-2026-21900

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses