Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
Published: 2026-01-10
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Resource Exhaustion leading to Denial of Service
Action: Patch
AI Analysis

Impact

CryptoLib implements the CCSDS SDLS-EP protocol to secure the link between a cFS-based spacecraft and its ground station, and when it is built to use the KMC crypto service it talks to that service over HTTP through libcurl. Prior to version 1.4.3 the libcurl write_callback in the KMC crypto service client reallocates its response buffer for every chunk the server delivers, with no ceiling on the accumulated size and no overflow check on the addition (CWE-789, allocation with an excessive size value). A malicious or compromised KMC server can therefore stream an arbitrarily large HTTP response and the client keeps growing its buffer until allocation fails or the OS kills the process, which is a denial of service for the CryptoLib component that depends on the KMC client and for the SDLS processing it backs.

Affected Systems

The vulnerability affects NASA's CryptoLib in all releases before 1.4.3. The vulnerable code is in the KMC crypto service client, so only deployments that configure CryptoLib to obtain cryptographic services from a KMC server over HTTP exercise it; builds that use one of CryptoLib's other crypto backends do not reach this code path. In an affected deployment it is the process hosting the CryptoLib KMC client, on whichever side of the space link it runs, that can be exhausted, regardless of operating environment.

Risk and Exploitability

The CVSS 4.0 base score is 8.2 (High); NVD's CVSS 3.1 score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), an availability-only impact. The v4.0 vector carries AT:P (attack requirements present): the attacker must control the HTTP response the client receives, which means operating a rogue KMC server, compromising the legitimate one, or interposing on the connection where TLS server verification is not enforced. No authentication or user interaction is needed beyond that. EPSS puts the exploitation probability below 1%, the CVE is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: poc with Technical Impact: partial. Once that position is obtained the exploit itself is trivial (any very long or never-ending response body, for example a chunked transfer that is never terminated); no code execution or privilege escalation is involved, but the client process crashes or is OOM-killed and the secured link is interrupted until it is restarted.

Generated by OpenCVE AI on April 18, 2026 at 07:19 UTC.

Remediation

The vendor fix is CryptoLib 1.4.3, which bounds the response buffer in the KMC client (see Description). No separate workaround has been published.

OpenCVE Recommended Actions

  • Upgrade CryptoLib to version 1.4.3 or later, which imposes an upper bound on response buffer allocation in the KMC crypto service client.
  • If you carry a local fork of the client and cannot upgrade yet, cap the accumulated response size inside the libcurl write callback and return a short count (or CURL_WRITEFUNC_ERROR) once the cap is reached, which makes libcurl abort the transfer instead of allocating further. Setting CURLOPT_MAXFILESIZE_LARGE on the handle is worthwhile defence in depth, but older libcurl releases only enforce it against the size the server announces, not against a body of unknown length, so the callback-side check is the one that matters. Note that this is a code change; the vulnerable versions expose no configuration option for a maximum response size.
  • Limit who can answer as the KMC server: pin the client to the trusted KMC endpoint, keep TLS server certificate verification enabled (do not disable CURLOPT_SSL_VERIFYPEER or CURLOPT_SSL_VERIFYHOST), and restrict the network path so only the real KMC host is reachable. A firewall cannot meaningfully bound the size of an accepted HTTP response, so also put a memory limit on the client process (cgroup or ulimit) and alert on it, so that a runaway allocation fails fast and visibly rather than taking the host down.

Generated by OpenCVE AI on April 18, 2026 at 07:19 UTC.
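The unbounded-realloc pattern described under Impact, beside the bounded callback that the recommended actions call for, as an added C example written for this page rather than taken from CryptoLib's source. The resp_buf_t struct, the feed() driver that stands in for libcurl's chunk delivery, the 64 KiB cap and the streamed body are all constructed assumptions; only the callback signature and the rule that a short return aborts the transfer are libcurl's.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Response accumulator handed to libcurl via CURLOPT_WRITEDATA.
 * Constructed for this example; not CryptoLib's own struct. */
typedef struct {
    char   *data;      /* NUL-terminated body collected so far */
    size_t  len;       /* bytes collected */
    size_t  max;       /* ceiling on len; ignored by the vulnerable callback */
    int     rejected;  /* set when the bounded callback refused a chunk */
} resp_buf_t;

/* Vulnerable shape (the pre-1.4.3 behaviour as the advisory describes it):
 * every chunk triggers realloc(len + n + 1) with no ceiling and no check
 * that the addition cannot wrap. A server that keeps the connection open
 * and streams bytes drives the process to allocation failure or OOM kill. */
size_t write_cb_unbounded(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    resp_buf_t *buf = userdata;
    size_t n = size * nmemb;
    char *p = realloc(buf->data, buf->len + n + 1);
    if (p == NULL)
        return 0;                       /* only the OS ever stops this */
    buf->data = p;
    memcpy(buf->data + buf->len, ptr, n);
    buf->len += n;
    buf->data[buf->len] = '\0';
    return n;
}

/* Hardened shape: wrap-safe arithmetic and a hard ceiling. libcurl treats
 * any return value other than n as a write error (CURLE_WRITE_ERROR) and
 * aborts the transfer, so the peer cannot force further allocation. */
size_t write_cb_bounded(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    resp_buf_t *buf = userdata;
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;                       /* size * nmemb would wrap */
    size_t n = size * nmemb;
    /* Reject if len + n would exceed max; written so it cannot wrap either. */
    if (n > buf->max || buf->len > buf->max - n) {
        buf->rejected = 1;
        return 0;
    }
    char *p = realloc(buf->data, buf->len + n + 1);
    if (p == NULL)
        return 0;
    buf->data = p;
    memcpy(buf->data + buf->len, ptr, n);
    buf->len += n;
    buf->data[buf->len] = '\0';
    return n;
}

/* Stand-in for libcurl delivering a body as `chunks` pieces of `chunk` bytes:
 * stops at the first short return, exactly as libcurl does. Returns the number
 * of bytes the callback accepted. (Constructed driver, not libcurl itself.) */
size_t feed(size_t (*cb)(char *, size_t, size_t, void *), resp_buf_t *buf,
            size_t chunk, size_t chunks)
{
    char *payload = malloc(chunk);
    if (payload == NULL)
        return 0;
    memset(payload, 'A', chunk);        /* arbitrary body bytes */
    size_t total = 0;
    for (size_t i = 0; i < chunks; i++) {
        if (cb(payload, 1, chunk, buf) != chunk)
            break;                      /* libcurl would fail the transfer here */
        total += chunk;
    }
    free(payload);
    return total;
}

int main(void)
{
    /* A hostile server streams 256 chunks of 4 KiB (1 MiB); in a real attack
     * the stream simply never ends. */
    resp_buf_t a = {0};
    size_t got_a = feed(write_cb_unbounded, &a, 4096, 256);
    printf("unbounded callback accepted %zu bytes\n", got_a);                 /* 1048576 */

    /* Same stream against a 64 KiB ceiling: the 17th chunk is refused and the
     * transfer aborts with the first 16 chunks buffered. */
    resp_buf_t b = {0};
    b.max = 64 * 1024;
    size_t got_b = feed(write_cb_bounded, &b, 4096, 256);
    printf("bounded callback accepted %zu bytes, rejected=%d\n", got_b, b.rejected);  /* 65536, 1 */

    free(a.data);
    free(b.data);
    return 0;
}
```

The ceiling check is written as `buf->len > buf->max - n` rather than `buf->len + n > buf->max` so that an attacker-influenced n cannot wrap the sum past SIZE_MAX and slip under the limit; the same care applies to the `size * nmemb` product even though libcurl itself caps a single callback delivery.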

Advisories

No advisories yet.

History

Fri, 16 Jan 2026 16:45:00 +0000

Values Added (no values removed)
  CPEs: cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*
  Metrics (cvssV3_1): {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 13 Jan 2026 22:15:00 +0000

Values Added (no values removed)
  Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 Jan 2026 14:45:00 +0000

Values Added (no values removed)
  First Time appeared: Nasa; Nasa cryptolib
  Vendors & Products: Nasa; Nasa cryptolib

Sat, 10 Jan 2026 00:45:00 +0000

Values Added (no values removed)
  Description: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
  Title: CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
  Weaknesses: CWE-789
  References:
  Metrics (cvssV4_0): {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T21:47:52.666Z

Reserved: 2026-01-05T22:30:38.718Z

Link: CVE-2026-22026

Vulnrichment

Updated: 2026-01-13T21:47:41.811Z

NVD

Status: Analyzed

Published: 2026-01-10T01:16:18.843

Modified: 2026-01-16T16:43:52.067

Link: CVE-2026-22026

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T07:30:36Z

Weaknesses