NASA CryptoLib vulnerabilities
27 known vulnerabilities affecting nasa/cryptolib.
Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 8 | HIGH 13 | MEDIUM 5 | LOW 1
Vulnerabilities
Page 1 of 2
CVE-2025-30216 | P2 | CRITICAL | CVSS 9.1 | CWE-122 | fixed in 1.4.0 | ≤ 1.3.3 | 2025-03-25
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto
nvd
CVE-2025-64096 | P2 | HIGH | CVSS 8.8 | CWE-121 | fixed in 1.4.2 | 2025-10-30
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker
nvd
CVE-2025-29912 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 1.4.0 | ≤ 1.3.3 | 2025-03-17
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the `Crypto_TC_ProcessSecurity` function of CryptoLib le
nvd
CVE-2025-29909 | P2 | CRITICAL | CVSS 9.8 | CWE-191 | fixed in 1.4.0 | ≤ 1.3.3 | 2025-03-17
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an
nvd
CVE-2025-29911 | P3 | CRITICAL | CVSS 9.8 | CWE-122 | ≤ 1.3.3 | 2025-03-17
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_AOS_ProcessSecurity` function of CryptoLib
nvd
CVE-2025-29913 | P2 | CRITICAL | CVSS 9.8 | CWE-125 | fixed in 1.4.0 | ≤ 1.3.3 | 2025-03-17
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_TC_Prep_AAD` function of CryptoLib version
nvd
CVE-2025-46673 | P3 | CRITICAL | CVSS 9.9 | CWE-913 | fixed in 1.3.2 | 2025-04-27
NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).
nvd
CVE-2025-30356 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.4.0 | 2025-04-01
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomple
nvd
CVE-2025-54878 | P3 | HIGH | CVSS 8.6 | CWE-122 | fixed in 1.4.1 | 2025-08-11
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecomman
nvd
CVE-2025-46674 | P3 | CRITICAL | CVSS 9.9 | CWE-489 | fixed in 1.3.2 | 2025-04-27
NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.
nvd
CVE-2026-21897 | P3 | HIGH | CVSS 7.3 | CWE-787 | fixed in 1.4.3 | 2026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_
nvd
CVE-2026-22026 | P3 | HIGH | CVSS 7.5 | CWE-789 | fixed in 1.4.3 | 2026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growt
nvd
CVE-2025-46672 | P3 | HIGH | CVSS 8.8 | CWE-252 | fixed in 1.3.2 | 2025-04-27
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
nvd
CVE-2026-21898 | P3 | HIGH | CVSS 8.2 | CWE-125 | fixed in 1.4.3 | 2026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AO
nvd
CVE-2025-59534 | P3 | HIGH | CVSS 7.8 | CWE-78 | fixed in 1.4.2 | 2025-09-23
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command injection vulnerability in initialize_kerberos_keytab_file_login(). The vulnerab
nvd
CVE-2026-22697 | P3 | HIGH | CVSS 7.5 | CWE-122 | fixed in 1.4.3 | 2026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding B
nvd
CVE-2026-22023 | P3 | HIGH | CVSS 7.5 | CWE-125 | fixed in 1.4.3 | 2026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has b
nvd
CVE-2025-29910 | P3 | HIGH | CVSS 7.5 | CWE-401 | ≤ 1.3.3 | 2025-03-17
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the `crypto_handle_incrementing_nontransmitted_counter` function of CryptoLi
nvd
CVE-2024-44910 | P4 | HIGH | CVSS 7.5 | CWE-125 | v1.3.0 | 2024-09-27
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c).
nvd
CVE-2024-44911 | P4 | HIGH | CVSS 7.5 | CWE-125 | v1.3.0 | 2024-09-27
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c).
nvd