
CVE-2026-22025

MEDIUM CVSS 4.0: 6.3 EPSS 0.02%
Updated Jan 16, 2026
Nasa
Parameter          Value
CVSS               6.3 (MEDIUM)
Affected Versions  before 1.4.3
Fixed In           1.4.3
Type               CWE-401 (Memory Leak), CWE-770 (Allocation Without Limits)
Vendor             Nasa
Public PoC         No

CryptoLib is a software-only implementation of the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) used to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server answers with a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing the buffers they allocated earlier in the call. Each failed request leaks approximately 467 bytes.

The leak lands in the process that calls CryptoLib, not in the KMC server. Repeated failures, whether caused by a malicious or compromised KMC server, by network faults, or by any other condition that yields a non-200 reply, accumulate until that process exhausts memory (CWE-401, leading to CWE-770). There is no confidentiality or integrity impact; the rating reflects availability loss only. This issue has been patched in version 1.4.3.
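The leak pattern the advisory describes, and the single-exit cleanup shape that fixes it, as an added example. This is not CryptoLib's code: the types and functions (kmc_response_t, fake_kmc_request, leaky_encrypt, fixed_encrypt, live_allocs_after_failures) are hypothetical, the KMC server is replaced by an offline fake whose HTTP status the caller scripts, and the buffer sizes are illustrative rather than a reproduction of the 467-byte figure. The tracked allocator is a test hook so the leak is measured rather than assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for one KMC HTTP reply (hypothetical type). */
typedef struct {
    long status;
    const char *body;
} kmc_response_t;

/* Live-allocation counter: the leak detector for this demo. */
static long g_live_allocs = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p) g_live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) { g_live_allocs--; free(p); }
}

/* Offline fake of the KMC endpoint: answers with whatever status the
 * caller scripts, so a hostile or failing server is easy to simulate. */
static kmc_response_t fake_kmc_request(long scripted_status)
{
    kmc_response_t r;
    r.status = scripted_status;
    r.body = (scripted_status == 200) ? "{\"base64ciphertext\":\"AAAA\"}"
                                      : "{\"error\":\"request rejected\"}";
    return r;
}

/* Vulnerable shape (hypothetical, modelled on the advisory text): buffers
 * are allocated before the request and the non-200 branch returns early. */
static int leaky_encrypt(const uint8_t *pt, size_t pt_len, long scripted_status)
{
    char *url = tracked_malloc(256);
    char *request_body = tracked_malloc(pt_len + 64);
    char *response_buf = tracked_malloc(1024);
    if (!url || !request_body || !response_buf) {
        tracked_free(url); tracked_free(request_body); tracked_free(response_buf);
        return -1;
    }
    memcpy(request_body, pt, pt_len);
    kmc_response_t resp = fake_kmc_request(scripted_status);
    if (resp.status != 200) {
        return -1; /* BUG: url, request_body and response_buf are never freed */
    }
    snprintf(response_buf, 1024, "%s", resp.body);
    tracked_free(url); tracked_free(request_body); tracked_free(response_buf);
    return 0;
}

/* Fixed shape: a single exit path releases every buffer on every outcome. */
static int fixed_encrypt(const uint8_t *pt, size_t pt_len, long scripted_status)
{
    int rc = -1;
    kmc_response_t resp;
    char *url = tracked_malloc(256);
    char *request_body = tracked_malloc(pt_len + 64);
    char *response_buf = tracked_malloc(1024);
    if (!url || !request_body || !response_buf) goto cleanup;
    memcpy(request_body, pt, pt_len);
    resp = fake_kmc_request(scripted_status);
    if (resp.status != 200) goto cleanup; /* error path still hits the frees */
    snprintf(response_buf, 1024, "%s", resp.body);
    rc = 0;
cleanup:
    tracked_free(url);
    tracked_free(request_body);
    tracked_free(response_buf);
    return rc;
}

/* Send `failures` requests that all receive a non-200 status through fn and
 * return how many allocations are still live afterwards (0 means no leak). */
static long live_allocs_after_failures(int (*fn)(const uint8_t *, size_t, long),
                                       int failures)
{
    static const uint8_t pt[] = {0xde, 0xad, 0xbe, 0xef}; /* constructed input */
    long before = g_live_allocs;
    for (int i = 0; i < failures; i++)
        (void)fn(pt, sizeof pt, 500); /* scripted HTTP 500 from the fake KMC */
    return g_live_allocs - before;
}

int main(void)
{
    printf("leaky_encrypt: %ld allocations live after 100 failed requests\n",
           live_allocs_after_failures(leaky_encrypt, 100));
    printf("fixed_encrypt: %ld allocations live after 100 failed requests\n",
           live_allocs_after_failures(fixed_encrypt, 100));
    return 0;
}
```

The same counter-based check is how a practitioner would confirm a patched build in practice: drive the client against a server that always fails and watch whether resident memory grows with the request count. With the fixed shape the live count stays flat no matter how many rejections the server returns.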

Attack Parameters

Attack Vector: Network (can be exploited remotely)
Attack Complexity: Low (easy to exploit)
Attack Requirements: Present (additional conditions required)
Privileges Required: None (no privileges needed)
User Interaction: None (no user interaction needed)

Impact Assessment

Confidentiality: None (no data leak)
Integrity: None (no data modification)
Availability: Low (partial disruption)

CVSS Vector v4.0

Vulnerable Products (1)

Product: Nasa Cryptolib
CPE: cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*
From (including): no lower bound given
Up to (excluding): 1.4.3