CNNVD-202510-4196 Information

CNNVD ID

CNNVD-202510-4196

Related CVE

CVE-2025-64096

• CNNVD Published: 2025-10-30

Description (Chinese)

CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.2之前版本存在安全漏洞，该漏洞源于Crypto_Key_update函数缺少边界检查，可能导致栈缓冲区溢出和内存损坏。

Description (English)

Criptolib is an application from NASA open source. Provides pure software solutions using CCDS spatial data link security protocols. There was a security gap in the pre-CryptoLib 1.4.2 version, which stemmed from the lack of border checks in the Crypto Key update function, which could lead to spill-out of the fence and damage to memory.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

美国国家航空航天局

Published

2025-10-30

Last Modified

2026-02-24

References

https://github.com/nasa/CryptoLib/security/advisories/GHSA-w6c3-pxvr-6m6j https://access.redhat.com/security/cve/cve-2025-64096

Patch

https://github.com/nasa/CryptoLib/releases