CNNVD-202508-967 Information
CNNVD ID
CNNVD-202508-967
Related CVE
- CNNVD Published: 2025-08-11
Description (Chinese)
NASA CryptoLib是美国国家航空航天局(NASA)的一个高度优化的加密库,旨在为软件开发者提供一套简洁易用的密码学工具集。 NASA CryptoLib 1.4.0及之前版本存在安全漏洞,该漏洞源于IV设置逻辑中缺少边界检查,可能导致堆缓冲区溢出。
Description (English)
NASA CryptoLib is a highly optimized encryption bank of the National Aeronautics and Space Administration (NASA) of the United States designed to provide software developers with a simple and easy-to-use set of password tools. There is a security loophole in NASA CryptoLib 1.4.0 and earlier versions, which stems from the lack of border checks in the IV set logic, which could lead to a spill over the buffer zone.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
美国国家航空航天局
Published
2025-08-11
Last Modified
2026-02-24
References
https://github.com/nasa/CryptoLib/security/advisories/GHSA-9qph-pxfm-q9g4 https://github.com/nasa/CryptoLib/commit/9b5b294ec09da450d2d4d05aea2db604ead48be1 https://access.redhat.com/security/cve/cve-2025-54878 https://nvd.nist.gov/vuln/detail/CVE-2025-54878
Patch
https://github.com/nasa/CryptoLib/releases
Share on: