VYPR
Unrated severityNVD Advisory· Published Mar 17, 2025· Updated Mar 18, 2025

CryptoLib Has Heap Buffer Overflow in Crypto_AOS_ProcessSecurity Function

CVE-2025-29911

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the Crypto_AOS_ProcessSecurity function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function Crypto_AOS_ProcessSecurity, specifically during the processing of the Frame Error Control Field (FECF). The affected code attempts to read from the p_ingest buffer at indices current_managed_parameters_struct.max_frame_size - 2 and current_managed_parameters_struct.max_frame_size - 1 without verifying if len_ingest is sufficiently large. This leads to a heap buffer overflow when len_ingest is smaller than max_frame_size. As of time of publication, no known patched versions exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nasa/Cryptolibllm-fuzzy2 versions
    <=1.3.3+ 1 more
    • (no CPE)range: <=1.3.3
    • (no CPE)range: <= 1.3.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.