CVE-2025-30216

Published: Mar 25, 2025

Modified: Mar 25, 2025

PUBLISHED

CVSS v3.1

9.4

CRITICAL

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.

Vendor	Product	Versions
nasa	CryptoLib	affected `<= 1.3.3`

Weaknesses (CWE)

CWE-122

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

References

https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv

x_refsource_CONFIRM

https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f

x_refsource_MISC

https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-30216

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References