CVE-2025-30216

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.

CVSS v3 9.4 CRITICAL

9.4^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f	Patch
https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv	Exploit Vendor Advisory
https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-25 20:15

Updated : 2025-05-06 19:34

NVD link : CVE-2025-30216

Mitre link : CVE-2025-30216

CVE.ORG link : CVE-2025-30216

JSON object : View

Products Affected

nasa

cryptolib

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-30216", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-03-25T20:15:22.567", "references": [{"url": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4", "tags": ["Broken Link"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f."}, {"lang": "es", "value": "CryptoLib ofrece una soluci\u00f3n exclusivamente de software que utiliza el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para proteger las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo (cFS) y una estaci\u00f3n terrestre. En las versiones 1.3.3 y anteriores, se produce una vulnerabilidad de desbordamiento de pila en la funci\u00f3n `Crypto_TM_ProcessSecurity` (`crypto_tm.c:1735:8`). Al procesar la longitud de la cabecera secundaria de un paquete del protocolo TM, si esta supera la longitud total del paquete, se produce un desbordamiento de pila durante la operaci\u00f3n memcpy, que copia los datos del paquete en el b\u00fafer asignado din\u00e1micamente `p_new_dec_frame`. Esto permite a un atacante sobrescribir la memoria de pila adyacente, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o la inestabilidad del sistema. Hay un parche disponible en el commit 810fd66d592c883125272fef123c3240db2f170f."}], "lastModified": "2025-05-06T19:34:21.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C930C9B-8C81-459A-AB6D-5F6D85290E1C", "versionEndExcluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}