CVE-2026-21897

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoConfigAddGvcidManagedParameters...

CVE-2026-22025

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP...

CVE-2026-21898

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoAOSProcessSecurity function reads...

EUVD-2026-1888

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

EUVD-2026-1890

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

CVE-2026-22025 CryptoLib Memory Leak on HTTP Error Response in KMC Client

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP...

CVE-2026-21898 CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoAOSProcessSecurity function reads...

CVE-2025-64096

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

CVE-2025-64096

CryptoLib (NASA open source SDLS-EP implementation) before version 1.4.2 is affected by a stack-based buffer overflow in Crypto_Key_update() (crypto_key_mgmt.c). An attacker-controlled TLV length field (pdu_len) can drive the calculation of the number of keys beyond the static kblk[98] array, cau...

EUVD-2025-12474

Malicious code in bioql PyPI...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

CVE-2025-46674 affects NASA CryptoLib prior to 1.3.2. The issue arises from using Extended Procedures that are a Work in Progress and not intended for flight, which could enable a keystream oracle. Public references confirm vulnerability details and link to changes between v1.3.1 and v1.3.2. Repo...

PT-2025-17971 · Nasa · Nasa Cryptolib

Name of the Vulnerable Software and Affected Versions: NASA CryptoLib versions prior to 1.3.2 Description: The issue arises from NASA CryptoLib using Extended Procedures that are a Work in Progress, not intended for use during flight, potentially leading to a keystream oracle. Recommendations: Fo...

How to Exploit SQL Server Using Registry Keys

At the Imperva Research Labs we have the chance to scrutinize various security situations. In this blog, we will take a closer look at database security on SQL Server. One routine approach that security practitioners employ to protect databases is deploying honeypots and waiting for bad actors to...

How to Exploit SQL Server Using OLE Automation

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...