CNNVD-202601-1775 Information
CNNVD ID
CNNVD-202601-1775
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.3之前版本存在安全漏洞,该漏洞源于convert_hexstring_to_byte_array函数写入解码字节时缺少容量检查,可能导致缓冲区溢出并损坏堆内存。
Description (English)
Criptolib is an application from NASA open source. Provides pure software solutions using CCDS spatial data link security protocols. There was a security loophole in the pre-CryptoLib 1.4.3 version, which originated from the lack of capacity checks when the decoding byte function of the convert hexstring to byte array was written, which could result in the buffer zone spilling out and damage to the memory.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
美国国家航空航天局
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x
Patch
https://github.com/nasa/CryptoLib/releases
Share on: