PT-2025-41176 · Nasa · Ion-Dtn+1

Stephanhav · Published 2025-10-07 · Updated 2025-10-07 · CVE-2025-61910

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NASA’s Interplanetary Overlay Network (ION) version 4.1.3

Description

A specially crafted BPv7 bundle with a malformed extension block can lead to a Denial-of-Service (DoS) condition in ION-DTN. The issue stems from uncontrolled memory allocation triggered by processing a byte string within an extension block. Specifically, the vulnerability occurs when parsing the fifth element of a CBOR array within the extension block. The code in bei.c:764 converts an unsigned integer blockLength to a signed integer blkSize, resulting in a negative value that, when converted to a 64-bit unsigned value, causes an attempt to allocate an unrealistic amount of memory. The triggering bundle contains an extension block starting at 0x85070201005bbb0e20b4ea001a000927c0....

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
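
The conversion chain in the Description, reproduced on the quoted block prefix together with a length check made before allocation. This is an added example, not ION's code: the function names and the 65536-byte cap are hypothetical, and a 64-bit blockLength narrowed to a 32-bit int blkSize is an assumption about the types involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed sample: only the extension-block prefix quoted in the advisory. */
static const uint8_t SAMPLE[] = {0x85, 0x07, 0x02, 0x01, 0x00, 0x5b, 0xbb, 0x0e, 0x20,
                                 0xb4, 0xea, 0x00, 0x1a, 0x00, 0x09, 0x27, 0xc0};

/* Decode a CBOR byte-string head (major type 2). Returns the head size in
 * bytes and stores the declared length; returns 0 if the head is malformed. */
static size_t bstr_head(const uint8_t *p, size_t avail, uint64_t *len)
{
    if (avail == 0 || (p[0] >> 5) != 2) return 0;
    unsigned ai = p[0] & 0x1f;
    if (ai < 24) { *len = ai; return 1; }
    if (ai > 27) return 0;              /* reserved or indefinite length: rejected */
    size_t n = (size_t)1 << (ai - 24);  /* 1, 2, 4 or 8 length bytes follow */
    if (avail < 1 + n) return 0;
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[1 + i];
    *len = v;
    return 1 + n;
}

/* The conversion chain from the description. Assumed widths: 64-bit
 * blockLength, 32-bit int blkSize (narrowing wraps on gcc and clang). */
static uint64_t narrowed_alloc_size(uint64_t blockLength)
{
    int32_t blkSize = (int32_t)blockLength;
    return (uint64_t)(int64_t)blkSize;  /* sign-extended: a huge request */
}

/* Check before allocating: the declared length must fit under a local cap
 * and within the bytes that remain after the head. */
static int bstr_len_ok(uint64_t len, size_t head, size_t avail, size_t cap)
{
    return head != 0 && len <= cap && len <= (uint64_t)(avail - head);
}

int main(void)
{
    uint64_t len = 0;
    size_t avail = sizeof SAMPLE - 5;   /* fifth array element starts at offset 5 */
    size_t head = bstr_head(SAMPLE + 5, avail, &len);
    printf("declared=0x%llx narrowed=0x%llx ok=%d\n", (unsigned long long)len,
           (unsigned long long)narrowed_alloc_size(len),
           bstr_len_ok(len, head, avail, 65536));
    return 0;
}
```

The check compares the declared length as an unsigned 64-bit value, so it never passes through a signed type before the allocation decision is made.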

Exploit

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-61910
GHSA-XM96-38VJ-H28H

Affected Products

Ion-Dtn
Interplanetary Overlay Network