PT-2026-2131 · Cryptolib · Cryptolib

Enitmar

Publicado

2026-01-10

Atualizado

2026-01-10

CVE-2026-22023

CVSS v4.0

8.2

Alta

Vetor

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3

Description CryptoLib is a software-only solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. Versions prior to 1.4.3 contain an out-of-bounds heap read issue within the cryptography aead encrypt() function. The issue stems from a flawed strtok pattern during KMC AEAD encrypt metadata parsing.

Recommendations Versions prior to 1.4.3 should be updated to version 1.4.3 or later.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2026-22023

GHSA-8W3H-Q8JM-3CHQ

Produtos afetados

Cryptolib

PT-2026-2131 · Cryptolib · Cryptolib

CVE-2026-22023

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10