PT-2026-2130 · Cryptolib · Cryptolib
Enitmar
+1
| Published | 2026-01-10 |
| Updated | 2026-01-17 |
| CVE | CVE-2026-21900 |
| CVSS v4.0 | 8.2 (High) |
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
CryptoLib versions prior to 1.4.3
Description
CryptoLib is a software library that implements the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. An out-of-bounds heap read exists in the cryptography encrypt() function when it processes JSON metadata received in KMC server responses. The flaw is the iteration pattern used with strtok, ptr + strlen(ptr) + 1, which steps one byte beyond the allocated buffer when the metadata string is short or malformed.
Recommendations
Versions prior to 1.4.3 should be updated to version 1.4.3 or later.
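The flawed advance described above, as an added illustration that is not CryptoLib's code: a hypothetical ':'-separated field walker over an exactly sized heap copy of a metadata string, which checks the naive ptr + strlen(ptr) + 1 step against the buffer end (reporting the over-read instead of performing it) and, in its bounded variant, stops at the last token when the metadata is shorter than expected.

```c
#include <stdlib.h>
#include <string.h>

/* Outcome of walking the fields of one metadata string. */
typedef struct {
    int fields;    /* fields found before stopping */
    int oob_step;  /* 1 if the naive advance pointed past the allocation */
} walk_result;

/*
 * Hypothetical parser (not CryptoLib's code): split `meta` on ':' in place,
 * strtok-style, in a heap copy of exactly strlen(meta) + 1 bytes, until
 * `expected` fields have been read. `hardened` selects the bounded variant.
 */
walk_result walk_fields(const char *meta, int expected, int hardened)
{
    walk_result r = {0, 0};
    size_t len = strlen(meta);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return r;
    memcpy(buf, meta, len + 1);
    const char *end = buf + len;   /* the terminating NUL: last addressable byte */

    char *ptr = buf;
    while (r.fields < expected) {
        char *sep = strchr(ptr, ':');
        if (sep != NULL)
            *sep = '\0';           /* what strtok does: terminate this token */
        r.fields++;
        if (r.fields == expected)
            break;                 /* all fields present; no further advance */
        if (hardened && sep == NULL)
            break;                 /* last token reached: short metadata, stop here */
        /* The advisory's pattern: skip this token and its NUL to reach the next. */
        const char *next = ptr + strlen(ptr) + 1;
        if (next > end) {          /* one byte past the allocation: the heap over-read */
            r.oob_step = 1;
            break;
        }
        ptr = (char *)next;
    }
    free(buf);
    return r;
}
```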
Exploit
Fix
Weakness Enumeration
Out-of-bounds Read
Related Identifiers
Affected Products
Cryptolib