CVE-2025-29912

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the `Crypto_TC_ProcessSecurity` function of CryptoLib leads to a heap buffer overflow. The vulnerability is triggered when the `fl` (frame length) field in a Telecommand (TC) packet is set to 0. This underflow causes the frame length to be interpreted as 65535, resulting in out-of-bounds memory access. This critical vulnerability can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution. Users of CryptoLib are advised to apply the recommended patch or avoid processing untrusted TC packets until a fix is available.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nasa/CryptoLib/commit/ca39cb96f21e76102aefb956d2c8c0ba0bd143ca	Patch
https://github.com/nasa/CryptoLib/security/advisories/GHSA-3f5x-r59x-p8cf	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

07 May 2025, 20:42

Type	Values Removed	Values Added
First Time		Nasa cryptolib Nasa
CPE		cpe:2.3:a:nasa:cryptolib::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
Summary		(es) CryptoLib ofrece una solución exclusivamente de software que utiliza el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para proteger las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo (cFS) y una estación terrestre. En las versiones 1.3.3 y anteriores, un desbordamiento de entero sin signo en la función `Crypto_TC_ProcessSecurity` de CryptoLib provoca un desbordamiento del búfer del montón. La vulnerabilidad se activa cuando el campo `fl` (longitud de trama) de un paquete de Telecomando (TC) se establece en 0. Este desbordamiento hace que la longitud de trama se interprete como 65535, lo que resulta en un acceso a memoria fuera de los límites. Esta vulnerabilidad crítica puede explotarse para provocar una denegación de servicio (DoS) o, potencialmente, la ejecución remota de código. Se recomienda a los usuarios de CryptoLib que apliquen el parche recomendado o eviten procesar paquetes TC no confiables hasta que esté disponible una solución.
CWE		CWE-787
References	~~() https://github.com/nasa/CryptoLib/commit/ca39cb96f21e76102aefb956d2c8c0ba0bd143ca -~~	() https://github.com/nasa/CryptoLib/commit/ca39cb96f21e76102aefb956d2c8c0ba0bd143ca - Patch
References	~~() https://github.com/nasa/CryptoLib/security/advisories/GHSA-3f5x-r59x-p8cf -~~	() https://github.com/nasa/CryptoLib/security/advisories/GHSA-3f5x-r59x-p8cf - Exploit, Vendor Advisory

17 Mar 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-17 23:15

Updated : 2025-05-07 20:42

NVD link : CVE-2025-29912

Mitre link : CVE-2025-29912

CVE.ORG link : CVE-2025-29912

JSON object : View

Products Affected

nasa

cryptolib

CWE

CWE-122

Heap-based Buffer Overflow

CWE-191

Integer Underflow (Wrap or Wraparound)

CWE-787

Out-of-bounds Write

9.8 /10