PT-2026-2129 · Cryptolib · Cryptolib
Luiginoc · Published 2026-01-10 · Updated 2026-01-10
CVE-2026-21899 · CVSS v3.1 4.9 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
CryptoLib versions prior to 1.4.3
Description
CryptoLib is a software solution that uses the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. Prior to version 1.4.3, the base64urlDecode function contains a flaw: its padding-stripping logic dereferences the input buffer before validating it. Specifically, it reads input[inputLen - 1] before confirming that inputLen is greater than zero and that input is not NULL. If inputLen is zero, this results in an out-of-bounds read at input[-1], potentially causing the process to crash. If input is NULL and inputLen is zero, the read dereferences the address NULL - 1.
Recommendations
Versions prior to 1.4.3 should be updated to version 1.4.3 or later.
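The bug class described above, as an added illustration in C: an unchecked padding-stripper next to a hardened one. This is not CryptoLib's code; the function names, the `int`/`-1` error convention and the sample inputs are assumptions made for the example.

```c
/* Added illustration of the bug class described above; this is NOT
 * CryptoLib's code. Function names and the error convention are
 * assumptions made for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: reads input[inputLen - 1] before checking that
 * input is non-NULL and inputLen > 0. With inputLen == 0 this indexes
 * input[(size_t)-1], i.e. far out of bounds. Kept only for comparison;
 * the test never calls it with an invalid argument. */
static size_t strip_padding_unsafe(const uint8_t *input, size_t inputLen)
{
    while (input[inputLen - 1] == '=')   /* out-of-bounds when inputLen == 0 */
        inputLen--;
    return inputLen;
}

/* Hardened version: validate the pointer and length first, and re-check
 * the length on every iteration so an all-'=' input cannot underflow. */
static int strip_padding_safe(const uint8_t *input, size_t inputLen, size_t *outLen)
{
    if (input == NULL || outLen == NULL)
        return -1;                        /* invalid argument, nothing read */
    while (inputLen > 0 && input[inputLen - 1] == '=')
        inputLen--;
    *outLen = inputLen;
    return 0;
}

/* Helper for the demo: stripped length of a C string (constructed input),
 * or (size_t)-1 when the hardened function rejects the argument. */
static size_t stripped_len(const char *s)
{
    size_t out;
    if (strip_padding_safe((const uint8_t *)s, s ? strlen(s) : 0, &out) != 0)
        return (size_t)-1;
    return out;
}

int main(void)
{
    printf("%zu\n", stripped_len("AQID=="));  /* 4 */
    printf("%zu\n", stripped_len(""));        /* 0, no out-of-bounds read */
    printf("%zu\n", stripped_len(NULL));      /* rejected: (size_t)-1 */
    return 0;
}
```

Running the unsafe variant under AddressSanitizer with an empty input is the quickest way to surface this class of defect during review; the hardened variant returns cleanly for the same input.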
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Cryptolib