PT-2026-2127 · Cryptolib · Cryptolib

Finder16 · Published 2026-01-10 · Updated 2026-01-15 · CVE-2026-21897

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3

Description: CryptoLib is a software-only solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. The Crypto_Config_Add_Gvcid_Managed_Parameters function does not adequately validate its input: it only checks whether gvcid_counter is greater than GVCID_MAN_PARAM_SIZE. This insufficient check allows up to 251 entries, resulting in a write beyond the bounds of the gvcid_managed_parameters_array array. This out-of-bounds write overwrites the gvcid_counter variable, potentially impacting parameter lookup and registration logic that depends on its value.

Recommendations: Versions prior to 1.4.3 should be updated to version 1.4.3 or later.
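
The bounds check described above, modelled as an added example (not CryptoLib's code): a "greater than" test admits one entry more than the table holds, while a "greater than or equal" test stops at capacity. The type names, the table size of 250 and the extra guard slot standing in for the adjacent memory (the counter, per the description) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 250            /* assumed capacity (251 entries minus one) */
#define CANARY     0xA5A5A5A5u    /* constructed guard value */

typedef struct { uint32_t scid, vcid; } entry_t;   /* hypothetical entry */
typedef struct {
    entry_t  slots[TABLE_SIZE + 1];   /* extra slot models adjacent memory */
    uint32_t count;
} table_t;

/* Check as the advisory describes it: rejects only when count > size. */
static int add_weak(table_t *t, entry_t e)
{
    if (t->count > TABLE_SIZE) return -1;
    t->slots[t->count++] = e;     /* count == TABLE_SIZE still writes */
    return 0;
}

/* Hardened check: reject as soon as the table is full. */
static int add_fixed(table_t *t, entry_t e)
{
    if (t->count >= TABLE_SIZE) return -1;
    t->slots[t->count++] = e;
    return 0;
}

/* Reset the table, then add entries until one is rejected. */
static unsigned fill(table_t *t, int (*add)(table_t *, entry_t))
{
    unsigned accepted = 0;
    entry_t e = { 0x42u, 0u };    /* constructed sample values */
    memset(t, 0, sizeof *t);
    t->slots[TABLE_SIZE].scid = CANARY;
    while (accepted < 2 * TABLE_SIZE && add(t, e) == 0) { e.vcid++; accepted++; }
    return accepted;
}
static int guard_intact(const table_t *t) { return t->slots[TABLE_SIZE].scid == CANARY; }

int main(void)
{
    table_t t;
    unsigned n = fill(&t, add_weak);
    printf("weak:  %u accepted, guard intact=%d\n", n, guard_intact(&t));
    n = fill(&t, add_fixed);
    printf("fixed: %u accepted, guard intact=%d\n", n, guard_intact(&t));
    return 0;
}
```

A boundary test of this shape (fill to capacity, attempt one more, check the neighbouring memory) is a useful regression check after upgrading.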

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-21897
GHSA-9X7J-GX23-7M5R

Affected Products

Cryptolib