CVE-2025-30356

Name of the Vulnerable Software and Affected Versions CryptoLib versions 1.3.3 and earlier

Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow exists in the Crypto TC ApplySecurity function due to an incomplete validation check on the fl (frame length) field. While a previous patch addressed an underflow issue involving fl, it did not fully prevent unsafe calculations. An attacker can craft malicious frames that cause a negative tf payload len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.

Recommendations Versions prior to 1.3.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.