CNNVD-202601-1779 Information
CNNVD ID
CNNVD-202601-1779
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.3之前版本存在安全漏洞,该漏洞源于KMC服务器返回非200状态码时未释放已分配缓冲区,可能导致内存耗尽。
Description (English)
Criptolib is an application from NASA open source. Provides pure software solutions using CCDS spatial data link security protocols. There was a security loophole in the pre-CryptoLib 1.4.3 version, which resulted from the non-release of the allocated buffer zone on the return of the KMC server to a non-200 status code, which could lead to the depletion of the memory.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
美国国家航空航天局
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g
Patch
https://github.com/nasa/CryptoLib/releases
Share on: