CNNVD-202509-3647 Information
CNNVD ID
CNNVD-202509-3647
Related CVE
- CNNVD Published: 2025-09-23
Description (Chinese)
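CryptoLib is an open-source application from NASA. It provides a software-only solution using the CCSDS Space Data Link Security Protocol. Versions of CryptoLib prior to 1.4.2 contain an operating system command injection vulnerability. The vulnerability stems from the initialize_kerberos_keytab_file_login function inserting user-controlled input directly into a shell command and executing it via system, without sanitization or validation, which may lead to command injection attacks.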
Description (English)
CryptoLib is an open-source application from NASA that provides a software-only solution using the CCSDS Space Data Link Security Protocol. Versions before CryptoLib 1.4.2 have an operating system command injection vulnerability, which stems from the fact that the initialize_kerberos_keytab_file_login function directly inserts user-controlled input into a shell command and executes it through system, without sanitization or validation, which may lead to a command injection attack.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
National Aeronautics and Space Administration (NASA)
Published
2025-09-23
Last Modified
2026-02-24
References
https://github.com/nasa/CryptoLib/commit/3ccb1b306026bb20a028fbfdcf18935f7345ed2f
https://github.com/nasa/CryptoLib/security/advisories/GHSA-jw5c-58hr-m3v3
Patch
https://github.com/nasa/CryptoLib/releases