PT-2025-11564 · Cryptolib · Cryptolib

Mirkobitetto · Published 2025-03-17 · Updated 2025-05-07 · CVE-2025-29912

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

CryptoLib versions 1.3.3 and prior

Description

The issue is caused by an unsigned integer underflow in the Crypto_TC_ProcessSecurity function of CryptoLib, leading to a heap buffer overflow. This occurs when the fl (frame length) field in a Telecommand (TC) packet is set to 0, causing the frame length to be interpreted as 65535 and resulting in out-of-bounds memory access. This critical issue can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution.

Recommendations

For CryptoLib versions 1.3.3 and prior, apply the recommended patch or avoid processing untrusted TC packets until a fix is available. As a temporary workaround, consider disabling the Crypto_TC_ProcessSecurity function until a patch is available. Restrict access to untrusted TC packets to minimize the risk of exploitation.
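The wrap described above, next to a length check that rejects the frame before any subtraction or copy. This is an added example, not CryptoLib's code or its patch: the function names, the `fl - 1` arithmetic and the sample frames are assumptions chosen to reproduce the 0 to 65535 wrap, and the field layout follows the CCSDS TC primary header (10-bit frame length holding total octets minus one).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TC_HDR_LEN 5u /* CCSDS TC primary header size in octets */

/* 10-bit frame length field: low 2 bits of octet 2, all of octet 3. */
static uint16_t tc_read_fl(const uint8_t *hdr)
{
    return (uint16_t)(((hdr[2] & 0x03u) << 8) | hdr[3]);
}

/* Unchecked pattern (assumed arithmetic): fl == 0 wraps to 65535. */
static uint16_t len_unchecked(uint16_t fl)
{
    return (uint16_t)(fl - 1u);
}

/* Checked pattern: validate fl before subtracting or copying.
 * Returns 0 and sets *len on success, -1 if the frame must be dropped. */
static int len_checked(const uint8_t *buf, size_t buf_len, uint16_t *len)
{
    uint16_t fl;

    if (buf == NULL || len == NULL || buf_len < TC_HDR_LEN)
        return -1;                 /* header not fully received */
    fl = tc_read_fl(buf);
    if (fl == 0)
        return -1;                 /* would wrap to 65535 */
    if ((size_t)fl + 1u < TC_HDR_LEN || (size_t)fl + 1u > buf_len)
        return -1;                 /* shorter than header or longer than buffer */
    *len = (uint16_t)(fl - 1u);
    return 0;
}

/* Constructed sample frames (not captured traffic): fl = 0 and fl = 7. */
static const uint8_t frame_fl_zero[8] = {0x20, 0x03, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC};
static const uint8_t frame_ok[8]      = {0x20, 0x03, 0x00, 0x07, 0x00, 0xAA, 0xBB, 0xCC};

int main(void)
{
    uint16_t n = 0;
    printf("unchecked fl=0 -> %u\n", (unsigned)len_unchecked(tc_read_fl(frame_fl_zero)));
    printf("checked   fl=0 -> %d\n", len_checked(frame_fl_zero, sizeof frame_fl_zero, &n));
    printf("checked   fl=7 -> %d (len %u)\n", len_checked(frame_ok, sizeof frame_ok, &n), (unsigned)n);
    return 0;
}
```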

Exploit · Fix · DoS · RCE · Integer Underflow · Memory Corruption · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-29912
GHSA-3F5X-R59X-P8CF

Affected Products

Cryptolib