CNNVD-202601-1778 Information
CNNVD ID
CNNVD-202601-1778
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.3之前版本存在缓冲区错误漏洞,该漏洞源于解析KMC服务器响应的JSON元数据时存在越界堆读取,可能导致读取超出分配的缓冲区边界。
Description (English)
Criptolib is an application from NASA open source. Provides pure software solutions using CCDS spatial data link security protocols. A previous version of CriptoLib 1.4.3 had an error loophole in the buffer zone, resulting from the cross-border readout of the JSON metadata from the KMC server, which could lead to reading beyond the allocated buffer zone boundary.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
美国国家航空航天局
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw
Patch
https://github.com/nasa/CryptoLib/releases
Share on: