CVE-2025-29911

Name of the Vulnerable Software and Affected Versions CryptoLib versions 1.3.3 and prior

Description A critical heap buffer overflow issue was identified in the Crypto AOS ProcessSecurity function, allowing an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function Crypto AOS ProcessSecurity, specifically during the processing of the Frame Error Control Field (FECF), where the affected code attempts to read from the p ingest buffer without verifying if len ingest is sufficiently large, leading to a heap buffer overflow when len ingest is smaller than max frame size.

Recommendations As a temporary workaround, consider disabling the Crypto AOS ProcessSecurity function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.