PT-2025-11565 · Cryptolib · Cryptolib

Mirkobitetto · Published 2025-03-17 · Updated 2025-05-07 · CVE-2025-29913

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
CryptoLib versions 1.3.3 and prior

Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the Crypto_TC_Prep_AAD function. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted telecommand (TC) frame that causes an unsigned integer underflow.

The vulnerability lies in the function Crypto_TC_Prep_AAD, specifically during the computation of tc_mac_start_index. The affected code incorrectly calculates the MAC start index without ensuring it remains within the bounds of the ingest buffer. When tc_mac_start_index underflows due to an incorrect length calculation, the function attempts to access an out-of-bounds memory location, leading to a segmentation fault.

Recommendations
As a temporary workaround, consider disabling the Crypto_TC_Prep_AAD function until a patch is available. Restrict access to the ingest buffer to minimize the risk of exploitation. Avoid using the tc_mac_start_index variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
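
The unsigned underflow described above, next to a bounds-checked form of the same index computation, as an added C example that is not CryptoLib's code. The function names, the header and MAC length parameters, and the sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical unchecked form: the MAC start index is derived by
 * subtraction from a length taken from the frame. When mac_len is
 * larger than frame_len, the result wraps to a large unsigned value. */
static uint16_t mac_start_unchecked(uint16_t frame_len, uint16_t mac_len)
{
    return (uint16_t)(frame_len - mac_len);
}

/* Hypothetical checked form: every length is validated before the
 * subtraction, and the index is only written on success. */
static bool mac_start_checked(size_t buf_len, uint16_t frame_len,
                              uint16_t hdr_len, uint16_t mac_len,
                              uint16_t *out)
{
    if (frame_len > buf_len)
        return false;               /* declared length exceeds ingest buffer */
    if (mac_len > frame_len)
        return false;               /* subtraction would underflow */
    if ((uint16_t)(frame_len - mac_len) < hdr_len)
        return false;               /* MAC field would overlap the header */
    *out = (uint16_t)(frame_len - mac_len);
    return true;
}

int main(void)
{
    /* Constructed sample: a 12-byte frame paired with a 16-byte MAC. */
    uint16_t idx = 0;
    printf("unchecked index: %u\n", (unsigned)mac_start_unchecked(12, 16));
    if (!mac_start_checked(64, 12, 5, 16, &idx))
        printf("checked: frame rejected before any buffer access\n");
    if (mac_start_checked(64, 40, 5, 16, &idx))
        printf("checked index: %u\n", (unsigned)idx);
    return 0;
}
```
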

Exploit

DoS

RCE

Out of bounds Read

Integer Underflow

Weakness Enumeration

Related Identifiers

BDU:2026-00105
CVE-2025-29913
GHSA-Q4V2-FVRV-QRF6

Affected Products

Cryptolib