CNNVD-202601-1774 Information
CNNVD ID
CNNVD-202601-1774
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.3之前版本存在安全漏洞,该漏洞源于KMC加密服务客户端的libcurl write_callback函数允许无限制内存增长,可能导致分配过多内存。
Description (English)
Criptolib is an application from NASA open source. Provides pure software solutions using CCDS spatial data link security protocols. The previous version of CriptoLib 1.4.3 contains a security loophole that originates from the libcurl write callback function of the KMC encryption service client, which allows unlimited memory growth and may lead to over-allocation memory.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
美国国家航空航天局
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7
Patch
https://github.com/nasa/CryptoLib/releases
Share on: