Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3.
Published: 2026-01-10
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption via Heap Overflow
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a heap buffer overflow in CryptoLib's MariaDB SA interface. The convert_hexstring_to_byte_array function writes decoded bytes into a caller‑supplied buffer without bounds checking. When importing security association fields from the database, a malformed or oversized hex string can overflow the buffer, corrupting adjacent heap memory. This can lead to data corruption, denial of service, or other unintended behavior. The weakness is a classic buffer overflow (CWE‑122).

Affected Systems

NASA’s CryptoLib software, used in spacecraft and ground station communications, is affected. Versions up to and including 1.4.2 contain the flaw; the issue was fixed in release 1.4.3. The vulnerability resides in the MariaDB SA interface used by CryptoLib’s security functions.

Risk and Exploitability

The CVSS score is 5.7, indicating moderate impact. The EPSS score is below 1 %, suggesting a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to write a crafted hex string into the database and then trigger the import routine, meaning the threat comes from an insider or a user with database write privileges rather than from an external network attacker. Overall risk is moderate, but the potential impact of memory corruption warrants patching as soon as possible.

Generated by OpenCVE AI on April 18, 2026 at 07:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CryptoLib to version 1.4.3 or later, which introduces bounds‑checked conversion logic.
  • If immediate upgrade is not possible, enforce stricter input validation by ensuring that any hex strings retrieved from the database do not exceed the maximum buffer size before calling the conversion routine.
  • Apply additional runtime mitigations such as stack canaries, address space layout randomization, and memory protection tools to reduce the effect of any remaining overflow vulnerabilities.

Generated by OpenCVE AI on April 18, 2026 at 07:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 15 Jan 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H'}

Mon, 12 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Nasa
Nasa cryptolib
Vendors & Products Nasa
Nasa cryptolib

Sat, 10 Jan 2026 00:45:00 +0000

Type Values Removed Values Added
Description CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3.
Title CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nasa Cryptolib
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-12T16:23:53.099Z

Reserved: 2026-01-05T22:30:38.718Z

Link: CVE-2026-22027

cve-icon Vulnrichment

Updated: 2026-01-12T15:33:56.868Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-10T01:16:18.990

Modified: 2026-01-15T21:45:02.797

Link: CVE-2026-22027

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T07:30:36Z

Weaknesses