
CVE-2025-29909 – CryptoLib's Crypto_TC_ApplySecurity() Has a Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-29909
17 Mar 2025 — CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote co... • https://github.com/nasa/CryptoLib/commit/c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc • CWE-191: Integer Underflow (Wrap or Wraparound) • CWE-787: Out-of-bounds Write •

CVE-2024-44910
https://notcve.org/view.php?id=CVE-2024-44910
27 Sep 2024 — NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). • https://github.com/nasa/CryptoLib/issues/268 • CWE-125: Out-of-bounds Read •

CVE-2024-44911
https://notcve.org/view.php?id=CVE-2024-44911
27 Sep 2024 — NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c). NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). • https://github.com/nasa/CryptoLib/issues/268 • CWE-125: Out-of-bounds Read •

CVE-2024-44912
https://notcve.org/view.php?id=CVE-2024-44912
27 Sep 2024 — NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). • https://github.com/nasa/CryptoLib/issues/268 • CWE-125: Out-of-bounds Read •