Cryptolib · CVE-2025-30216
**Name of the Vulnerable Software and Affected Versions**
CryptoLib versions 1.3.3 and prior
**Description**
A heap overflow occurs in the `Crypto_TM_ProcessSecurity` function when processing the Secondary Header Length of a TM protocol packet. If the Secondary Header Length exceeds the packet's total length, the `memcpy` that copies packet data into the dynamically allocated buffer `p_new_dec_frame` writes past the end of that buffer. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability.
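The following is an added illustration, not CryptoLib's code: it models the missing bounds check on a simplified TM frame (a 1-byte secondary header length field at an assumed offset `sec_hdr_off`, counting the bytes that follow it) and sizes the heap copy from the validated length so that an oversized field is rejected instead of reaching `memcpy`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model only, not CryptoLib's real frame layout: a 1-byte field
 * at sec_hdr_off gives the number of secondary-header bytes that follow it. */

/* Return the secondary header length if it lies inside the frame, else -1. */
int tm_secondary_header_len(const uint8_t *frame, size_t frame_len,
                            size_t sec_hdr_off)
{
    if (frame == NULL || sec_hdr_off >= frame_len)
        return -1;                  /* the length field itself is out of range */
    size_t sh_len = frame[sec_hdr_off];
    /* The check the advisory describes as missing: the advertised header must
     * end inside the packet, otherwise the copy below would run past it. */
    if (sh_len > frame_len - sec_hdr_off - 1)
        return -1;
    return (int)sh_len;
}

/* Copy the validated secondary header into a heap buffer sized from the
 * checked length (the analogue of p_new_dec_frame). 0 on success, -1 if rejected. */
int tm_copy_secondary_header(const uint8_t *frame, size_t frame_len,
                             size_t sec_hdr_off, uint8_t **out, size_t *out_len)
{
    int sh_len = tm_secondary_header_len(frame, frame_len, sec_hdr_off);
    if (sh_len < 0)
        return -1;
    uint8_t *buf = malloc(sh_len > 0 ? (size_t)sh_len : 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, frame + sec_hdr_off + 1, (size_t)sh_len); /* bounded by the check */
    *out = buf;
    *out_len = (size_t)sh_len;
    return 0;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t kGoodFrame[] = { 0x00, 0x01, 0x04, 'a', 'b', 'c', 'd', 0xFF, 0xFF };
static const uint8_t kBadFrame[]  = { 0x00, 0x01, 0x20, 'a', 'b' }; /* field says 32, frame has 2 */

/* Helper: 1 if the good frame's header copies out as "abcd", 0 otherwise. */
int demo_good_frame_copies(void)
{
    uint8_t *buf = NULL;
    size_t n = 0;
    if (tm_copy_secondary_header(kGoodFrame, sizeof kGoodFrame, 2, &buf, &n) != 0)
        return 0;
    int ok = (n == 4 && memcmp(buf, "abcd", 4) == 0);
    free(buf);
    return ok;
}
```

With the malformed frame, `tm_secondary_header_len` returns -1 before any allocation or copy takes place.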
**Recommendations**
For CryptoLib versions 1.3.3 and prior, apply the patch available at commit 810fd66d592c883125272fef123c3240db2f170f to resolve the issue. As a temporary workaround, consider restricting the use of the `Crypto_TM_ProcessSecurity` function until the patch is applied.