
NASA CryptoLib vulnerabilities

27 known vulnerabilities affecting nasa/cryptolib.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 13, MEDIUM 5, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2024-44912 | P4 | HIGH | CVSS 7.5 | v1.3.0 | 2024-09-27
CWE-125: NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c).
nvd
CVE-2026-21900 | P4 | MEDIUM | CVSS 5.9 | fixed in 1.4.3 | 2026-01-10
CWE-125: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON meta
nvd
CVE-2026-22027 | P4 | MEDIUM | CVSS 6.0 | fixed in 1.4.3 | 2026-01-10
CWE-122: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes
nvd
CVE-2026-22024 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.4.3 | 2026-01-10
CWE-401: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsin
nvd
CVE-2026-21899 | P4 | MEDIUM | CVSS 4.9 | fixed in 1.4.3 | 2026-01-10
CWE-125: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inpu
nvd
CVE-2025-46675 | P4 | MEDIUM | CVSS 4.2 | fixed in 1.3.2 | 2025-04-27
CWE-913: In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.
nvd
CVE-2026-22025 | P4 | LOW | CVSS 3.7 | fixed in 1.4.3 | 2026-01-10
CWE-401: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_dec
nvd