CVE-2026-22026
CVE-2026-22026 affects CryptoLib prior to 1.4.3. The vulnerability is in the libcurl write_callback used by the KMC crypto service client, where HTTP response buffers can be reallocated without size checks, allowing a malicious KMC server to send arbitrarily large responses and cause unbounded me...
CVE-2026-22023 CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read...
EUVD-2025-6610
Malicious code in bioql PyPI...
EUVD-2025-6609
Malicious code in bioql PyPI...
EUVD-2025-6608
Malicious code in bioql PyPI...
EUVD-2025-6612
Malicious code in bioql PyPI...
CVE-2025-54878
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
CVE-2025-54878
CVE-2025-54878 affects NASA CryptoLib (versions ≤ 1.4.0) where the IV setup logic for telecommand frames lacks bounds checking when copying the Initialization Vector into a newly allocated buffer. This heap buffer overflow can be triggered by a crafted telecommand frame, causing heap corruption a...
CVE-2025-46675
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking...
CVE-2025-46674
NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...
CVE-2025-46672
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking...
CVE-2025-46673
NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS)...
CVE-2025-46675
CVE-2025-46675 affects NASA CryptoLib prior to 1.3.2. The root cause is that the key state is not checked before use, which could enable spacecraft hijacking. Public sources across multiple advisories note the affected versions are before 1.3.2, with remediation to upgrade to 1.3.2 or later; PT S...
CVE-2025-30356
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in...
CVE-2025-30356
CryptoLib (SDLS-EP) vulnerability CVE-2025-30356 affects 1.3.3 and earlier. A heap buffer overflow in Crypto_TC_ApplySecurity results from incomplete validation of the fl (frame length) field; after CVE-2025-29912’s underflow fix, frames can still produce a negative tf_payload_len that is treated...
CVE-2025-30356 Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity`
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in...
Exploit for Out-of-bounds Write in NASA CryptoLib
PoC for CVE-2025-30216: CryptoLib Heap Overflow Vulnerability...