


Perceptive Security
SOC/SIEM Consultancy

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a…
Published:
9 January 2026 at 23:00:00
Alert date:
10 January 2026 at 13:10:58
Source:
nvd.nist.gov
CVE-2026-21898 affects NASA's CryptoLib software, which provides security for spacecraft communications using the CCSDS Space Data Link Security Protocol. The vulnerability exists in the Crypto_AOS_ProcessSecurity function prior to version 1.4.3, where memory is read without proper bounds checking when parsing AOS frame hashes. This could allow memory disclosure or corruption in spacecraft communication systems. The issue has been patched in CryptoLib version 1.4.3. Given the critical nature of spacecraft systems and the potential for communication security compromise, this vulnerability represents a high-severity issue for aerospace applications.
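The class of check that is missing in this kind of bug, shown as an added example that is not CryptoLib's code or its patch: the frame layout, the 6-byte header size, and the names extract_mac and sa_params_t are assumptions made for illustration. The trailing hash is copied only after every field has been shown to fit inside the received length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, for illustration only (not CryptoLib's structures):
 * [ primary header | security header | data | MAC ] */
#define HDR_LEN 6u   /* assumed primary header size */
#define MAX_MAC 64u  /* assumed upper bound on MAC length */

typedef struct {
    size_t sec_hdr_len; /* security header length taken from the SA (assumed) */
    size_t mac_len;     /* MAC length taken from the SA (assumed) */
} sa_params_t;

typedef enum { FRAME_OK = 0, FRAME_ERR_ARG = -1, FRAME_ERR_SHORT = -2 } frame_status_t;

/* Copies the trailing MAC out of `frame` only after proving that every
 * field fits inside frame_len. Subtracting field by field avoids the
 * wrap-around that an "offset + length" comparison can suffer. */
frame_status_t extract_mac(const uint8_t *frame, size_t frame_len,
                           const sa_params_t *sa,
                           uint8_t mac_out[MAX_MAC], size_t *data_len)
{
    if (!frame || !sa || !mac_out || !data_len) return FRAME_ERR_ARG;
    if (sa->mac_len == 0 || sa->mac_len > MAX_MAC) return FRAME_ERR_ARG;

    size_t remaining = frame_len;
    if (remaining < HDR_LEN) return FRAME_ERR_SHORT;
    remaining -= HDR_LEN;
    if (remaining < sa->sec_hdr_len) return FRAME_ERR_SHORT;
    remaining -= sa->sec_hdr_len;
    if (remaining < sa->mac_len) return FRAME_ERR_SHORT; /* frame too short to hold the MAC */
    remaining -= sa->mac_len;
    memcpy(mac_out, frame + (frame_len - sa->mac_len), sa->mac_len);
    *data_len = remaining;
    return FRAME_OK;
}

int main(void)
{
    uint8_t frame[32] = {0};     /* constructed sample frame */
    sa_params_t sa = { 2, 16 };  /* constructed SA parameters */
    uint8_t mac[MAX_MAC];
    size_t data_len = 0;
    printf("full frame: %d\n", extract_mac(frame, sizeof frame, &sa, mac, &data_len));
    printf("truncated:  %d\n", extract_mac(frame, 20, &sa, mac, &data_len));
    return 0;
}
```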
Affected products:
NASA CryptoLib
core Flight System (cFS)
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-21898
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853
This article was created with the assistance of AI technology by Perceptive.
