PT-2026-2131 · Cryptolib · Cryptolib
Enitmar
+1
·
Published
2026-01-10
·
Updated
2026-01-10
·
CVE-2026-22023
CVSS v4.0
8.2
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
CryptoLib versions prior to 1.4.3
Description
CryptoLib is a software-only solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. Versions prior to 1.4.3 contain an out-of-bounds heap read issue within the
cryptography aead encrypt() function. The issue stems from a flawed strtok pattern during KMC AEAD encrypt metadata parsing.Recommendations
Versions prior to 1.4.3 should be updated to version 1.4.3 or later.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cryptolib