top of page
perceptive_background_267k.jpg

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a…

Published:

9 January 2026 at 23:00:00

Alert date:

10 January 2026 at 13:10:58

Source:

nvd.nist.gov

Click to open the original link from this advisory

CVE-2026-22697 is a heap buffer overflow vulnerability in NASA's CryptoLib software prior to version 1.4.3. The vulnerability occurs in the KMC crypto service integration when decoding Base64-encoded data fields. An oversized Base64 string in KMC JSON responses can cause out-of-bounds writes on the heap, potentially leading to process crashes and code execution. CryptoLib is used to secure communications between spacecraft running core Flight System (cFS) and ground stations using the CCSDS Space Data Link Security Protocol. The issue has been patched in version 1.4.3.

Technical details

Mitigation steps:

Affected products:

CryptoLib
core Flight System (cFS)

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-22697
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page