CVE-2025-54878 Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...

CVE-2025-54878

CVE-2025-54878 affects NASA CryptoLib (versions ≤ 1.4.0) where the IV setup logic for telecommand frames lacks bounds checking when copying the Initialization Vector into a newly allocated buffer. This heap buffer overflow can be triggered by a crafted telecommand frame, causing heap corruption a...

CVE-2025-54878 Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...

CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

BIT-LIBPHP-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

NASA CryptoLib 安全漏洞

NASA CryptoLib is a highly optimized cryptographic library from the National Aeronautics and Space Administration NASA designed to provide software developers with a clean and easy-to-use cryptographic toolset. A security vulnerability exists in NASA CryptoLib version 1.4.0 and earlier, which ste...

PT-2025-32586

Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.4.0 and earlier Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight Syste...

PT-2025-32574 · Libcsp · Libcsp

Name of the Vulnerable Software and Affected Versions: libcsp version 2.0 Description: libcsp version 2.0 contains a buffer overflow in the csp eth init function. This issue is due to the use of strcpy to copy the ifname parameter into a structure member ctx-name without proper input length...

CVE-2025-51823

The CVE-2025-51823 entry affects libcsp 2.0. The vulnerability is a buffer overflow in the csp_eth_init() function caused by copying the interface name (ifname) into ctx->name with strcpy without validating input length. This is the underlying root cause described across multiple sources, whic...

Linux Distros Unpatched Vulnerability : CVE-2025-37895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix error handling path in bnxtinitchip WARNON is triggered in flushwork if...

Linux Distros Unpatched Vulnerability : CVE-2023-29537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects...

Linux Distros Unpatched Vulnerability : CVE-2022-50188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount leak in mesonencoderhdmiinit offinddevicebynode takes reference, we...

Linux Distros Unpatched Vulnerability : CVE-2025-38403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields...

Linux Distros Unpatched Vulnerability : CVE-2024-38579

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen instead of hashivlen which could lead to going beyond the buffer...

Linux Distros Unpatched Vulnerability : CVE-2024-26788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the...

Linux Distros Unpatched Vulnerability : CVE-2022-49818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of putdevice in mISDNregisterdevice We should not release reference by...

Linux Distros Unpatched Vulnerability : CVE-2022-50032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: renesas: Fix refcount leak bug In usbhsrza1hardwareinit, offindnodebyname will return a node pointer with refcount incremented. We should use ofnodeput whe...

Linux Distros Unpatched Vulnerability : CVE-2021-3564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device...

Linux Distros Unpatched Vulnerability : CVE-2025-37887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: pdscore: handle unsupported PDSCORECMDFWCONTROL result If the FW doesn't support the...

Linux Distros Unpatched Vulnerability : CVE-2022-50135

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr- deref in rxeqpdocleanup The function rxecreateqp calls...