Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.
Published: 2026-01-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Arbitrary Code Execution
Action: Patch immediately
AI Analysis

Impact

The vulnerability is a heap buffer overflow triggered when CryptoLib decodes Base64 strings from KMC service JSON responses. The destination buffer is sized from an expected output length, but the decoder writes as many bytes as the actual Base64 input yields, with no bounds check. An attacker who can supply an oversized Base64 string causes out-of-bounds writes on the heap. This can lead to a process crash and, under certain conditions, arbitrary code execution, compromising the confidentiality, integrity, or availability of the target system.

Affected Systems

NASA’s CryptoLib software library is affected. All releases prior to 1.4.3 are vulnerable; version 1.4.3 contains the patch. The weakness is catalogued as CWE-122 (Heap-based Buffer Overflow).

Risk and Exploitability

The CVSS base score of 7.5 signals high severity. However, the EPSS probability is below 1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of exploitation in the wild. The attack vector is inferred from the description: the attacker must manipulate the KMC service response to deliver a maliciously large Base64 string, likely through remote API manipulation or a compromised communication channel. While the flaw can crash the application, achieving code execution requires additional conditions that are not guaranteed.

Generated by OpenCVE AI on April 18, 2026 at 16:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CryptoLib to version 1.4.3 to apply the fixed Base64 decoder.
  • Add a pre‑decode check that validates the Base64 string length against the expected output size and rejects or truncates any input that exceeds the limit.
  • Monitor KMC service responses for abnormal Base64 field sizes and investigate or block any unexpected payloads to reduce the attack surface.
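
The pre-decode check from the second action, as an added example (not CryptoLib's code or its 1.4.3 patch): a decoder that computes the exact decoded size and rejects the input before writing anything if it exceeds the destination capacity. The function names are hypothetical, and the input is assumed to be a NUL-terminated, padded, standard-alphabet Base64 string.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers for illustration; not part of CryptoLib's API. */

/* Exact decoded size of padded Base64, or -1 if the length is invalid. */
static long b64_decoded_len(const char *in, size_t in_len)
{
    if (in_len == 0) return 0;
    if (in_len % 4 != 0) return -1;
    size_t pad = (in[in_len - 1] == '=') + (in[in_len - 2] == '=');
    return (long)(in_len / 4 * 3 - pad);
}

static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode into dst only if the result fits in dst_cap bytes.
 * Returns bytes written, -1 on malformed input, -2 if it would not fit. */
long b64_decode_bounded(const char *in, uint8_t *dst, size_t dst_cap)
{
    size_t in_len = strlen(in);
    long need = b64_decoded_len(in, in_len);
    if (need < 0) return -1;
    if ((size_t)need > dst_cap) return -2; /* reject before any write */
    size_t out = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        uint32_t acc = 0;
        int npad = 0;
        for (int j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)in[i + j];
            int v = b64_val(c);
            /* '=' is only valid in the last two positions of the final group */
            if (c == '=' && i + 4 == in_len && j >= 2) { npad++; v = 0; }
            else if (v < 0 || npad) return -1;
            acc = (acc << 6) | (uint32_t)v;
        }
        for (int k = 0; k < 3 - npad; k++)
            dst[out++] = (uint8_t)(acc >> (16 - 8 * k));
    }
    return (long)out;
}
```

The capacity passed as `dst_cap` must be the size actually allocated for the destination, so that an oversized field in the response yields an error return instead of a heap write.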



Advisories

No advisories yet.

History

Fri, 16 Jan 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| CPEs | | cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:* |

Tue, 13 Jan 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 12 Jan 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| First Time appeared | | Nasa; Nasa cryptolib |
| Vendors & Products | | Nasa; Nasa cryptolib |

Sat, 10 Jan 2026 00:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3. |
| Title | | CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext) |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T21:48:38.005Z

Reserved: 2026-01-08T19:23:09.856Z

Link: CVE-2026-22697

Vulnrichment

Updated: 2026-01-13T21:48:25.655Z

NVD

Status: Analyzed

Published: 2026-01-10T01:16:19.160

Modified: 2026-01-16T16:42:26.080

Link: CVE-2026-22697

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses