CVE-2026-22697

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3	Release Notes
https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4	Vendor Advisory Exploit
https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4	Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-10 01:16

Updated : 2026-01-16 16:42

NVD link : CVE-2026-22697

Mitre link : CVE-2026-22697

CVE.ORG link : CVE-2026-22697

JSON object : View

Products Affected

nasa

cryptolib

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2026-22697", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-01-10T01:16:19.160", "references": [{"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4", "tags": ["Vendor Advisory", "Exploit"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4", "tags": ["Vendor Advisory", "Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib\u2019s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3."}], "lastModified": "2026-01-16T16:42:26.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582", "versionEndExcluding": "1.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}