CNNVD-202601-1777 Information

CNNVD ID

CNNVD-202601-1777

Related CVE

CVE-2026-22023

• CNNVD Published: 2026-01-10

Description (Chinese)

CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.3之前版本存在缓冲区错误漏洞，该漏洞源于cryptography_aead_encrypt函数存在越界堆读取。

Description (English)

Criptolib is an application from NASA open source. Provides pure software solutions using CCDS spatial data link security protocols. The previous version of CriptoLib 1.4.3 had an error loophole in the buffer zone, resulting from the cross-border reading of the cryptogram aead encrypt function.

Hazard Level

High

Vulnerability Type

缓冲区错误

Affected Vendor

美国国家航空航天局

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq

Patch

https://github.com/nasa/CryptoLib/releases