PT-2025-11562 · Cryptolib · Cryptolib

Published: 2025-03-17 · Updated: 2025-03-18 · CVE-2025-29910

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.3.3 and prior

Description: A memory leak was identified in the Crypto_Handle_Incrementing_Nontransmitted_Counter function, which can lead to resource exhaustion and degraded system performance over time. The issue is particularly concerning in long-running processes or systems that handle large volumes of data. The function allocates memory with malloc but does not ensure that the allocation is freed on every return path, so repeated calls gradually consume heap memory and can result in a Denial of Service (DoS) in affected environments. Any system using CryptoLib, especially one handling high-throughput or continuous data streams, could be impacted.

Recommendations: For CryptoLib versions 1.3.3 and prior, as a temporary workaround, consider restricting the use of the Crypto_Handle_Incrementing_Nontransmitted_Counter function within crypto_tc.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
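The following is an added illustration of the bug class, not CryptoLib's code: a hypothetical counter-increment routine that mallocs a working buffer and returns early on an error path without freeing it, shown next to a hardened form, with a small allocation counter (also hypothetical) so the leak can be asserted in a unit test rather than discovered as slow memory growth in production.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical allocation instrumentation (not CryptoLib code): count live
 * heap blocks so a test can observe a leak deterministically. */
static int live_allocs = 0;
static void *tracked_malloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical counter-increment routine in the shape the advisory describes:
 * a working buffer is malloc'ed, then an error path returns without freeing it.
 * The counter is big-endian; max_len stands in for a caller-imposed size limit. */
int increment_counter_leaky(uint8_t *counter, size_t len, size_t max_len)
{
    uint8_t *work = tracked_malloc(len);
    if (work == NULL) return -1;
    memcpy(work, counter, len);
    if (len > max_len) return -2;          /* BUG: 'work' leaks on this path */
    for (size_t i = len; i-- > 0;) if (++work[i] != 0) break;
    memcpy(counter, work, len);
    tracked_free(work);
    return 0;
}

/* Hardened form: validate before allocating, and release at a single cleanup
 * point that every path after the allocation reaches. */
int increment_counter_fixed(uint8_t *counter, size_t len, size_t max_len)
{
    if (len == 0 || len > max_len) return -2;   /* nothing allocated yet */
    uint8_t *work = tracked_malloc(len);
    if (work == NULL) return -1;
    memcpy(work, counter, len);
    for (size_t i = len; i-- > 0;) if (++work[i] != 0) break;
    memcpy(counter, work, len);
    tracked_free(work);                          /* cleanup on every remaining path */
    return 0;
}

/* Run f on a constructed 4-byte counter and report how many heap blocks it
 * left live (0 = no leak); a leak sanitizer would flag the leaky variant the same way. */
int live_after(int (*f)(uint8_t *, size_t, size_t), size_t max_len)
{
    uint8_t ctr[4] = {0x00, 0x00, 0x00, 0xff};   /* constructed sample counter */
    int before = live_allocs;
    f(ctr, sizeof ctr, max_len);
    return live_allocs - before;
}
```

Calling `live_after(increment_counter_leaky, 2)` exercises the error path and reports one live block, while the fixed routine reports zero on both the error and the success path.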

Exploit

Memory Leak


Weakness Enumeration

Related Identifiers

CVE-2025-29910
GHSA-P38W-P2R8-G6G5

Affected Products

Cryptolib