Stephanhav

**Name of the Vulnerable Software and Affected Versions** NASA’s Interplanetary Overlay Network (ION) version 4.1.3 **Description** A specially crafted BPv7 bundle with a malformed extension block can lead to a Denial-of-Service (DoS) condition in ION-DTN. The issue stems from uncontrolled memory allocation triggered by processing a byte string within an extension block. Specifically, the vulnerability occurs when parsing the fifth element of a CBOR array within the extension block. The code in `bei.c`:764 converts an unsigned integer `blockLength` to a signed integer `blkSize`, resulting in a negative value that, when converted to a 64-bit unsigned value, causes an attempt to allocate an unrealistic amount of memory. The triggering bundle contains an extension block starting at `0x85070201005bbb0e20b4ea001a000927c0...`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** CryptoLib versions 1.4.0 and earlier **Description:** CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow exists in the Initialization Vector (IV) setup logic for telecommand frames due to missing bounds checks when copying the `IV` into a newly allocated buffer. An attacker can supply a crafted TC frame, potentially corrupting heap memory and leading to undefined behavior, which may manifest as a denial of service or more severe exploitation. **Recommendations:** CryptoLib versions prior to 1.4.0 are affected. Update to CryptoLib version 1.4.0 or later.