← Retour aux CVEs
CVE-2026-22026
HIGH7.5
Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie1/10/2026
Derniere modification1/16/2026
Sourcenvd
Observations honeypot0
Produits affectes
nasa:cryptolib
Faiblesses (CWE)
CWE-789
References
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d(security-advisories@github.com)
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3(security-advisories@github.com)
https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7(security-advisories@github.com)
https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.