CVE-2026-22697 in CryptoLibthông tin

Tóm tắt

Bởi MITRE • 10/01/2026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

08/01/2026

Tiết lộ

10/01/2026

Kiểm duyệt

được chấp nhận

mục

VDB-340386

CPE

sẵn sàng

CWE

CWE-122 (Đã xác nhận)

CVSS

7.5 (CNA)

EPSS

0.00190

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22697
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22697
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22697/

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!