CVE-2025-30356

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nasa/CryptoLib/commit/59d1bce7608c94c6131ef4877535075b0649799c	Patch
https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2	Exploit Vendor Advisory
https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

29 Apr 2025, 14:20

Type	Values Removed	Values Added
Summary		(es) CryptoLib ofrece una solución exclusivamente de software que utiliza el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para proteger las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo (cFS) y una estación terrestre. En la versión 1.3.3 y anteriores, persiste una vulnerabilidad de desbordamiento del búfer de pila en la función Crypto_TC_ApplySecurity debido a una comprobación de validación incompleta en el campo fl (longitud de la trama). Aunque CVE-2025-29912 solucionó un problema de desbordamiento por debajo de la capacidad de fl, el parche no previene completamente los cálculos inseguros. Como resultado, un atacante aún puede manipular tramas maliciosas que provoquen un valor negativo en tf_payload_len, que se interpreta como un valor grande sin signo, lo que provoca un desbordamiento del búfer de pila en una llamada a memcpy.
References	~~() https://github.com/nasa/CryptoLib/commit/59d1bce7608c94c6131ef4877535075b0649799c -~~	() https://github.com/nasa/CryptoLib/commit/59d1bce7608c94c6131ef4877535075b0649799c - Patch
References	~~() https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2 -~~	() https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2 - Exploit, Vendor Advisory
First Time		Nasa cryptolib Nasa
CPE		cpe:2.3:a:nasa:cryptolib::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

02 Apr 2025, 14:16

Type	Values Removed	Values Added
References	~~() https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2 -~~	() https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2 -

01 Apr 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 22:15

Updated : 2025-04-29 14:20

NVD link : CVE-2025-30356

Mitre link : CVE-2025-30356

CVE.ORG link : CVE-2025-30356

JSON object : View

Products Affected

nasa

cryptolib

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

CWE-787

Out-of-bounds Write

9.8 /10