PT-2026-2133 · Cryptolib · Cryptolib

Enitmar +1 · Published 2026-01-10 · Updated 2026-01-10 · CVE-2026-22025

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

CryptoLib versions prior to 1.4.3

Description

CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. Before version 1.4.3, the cryptography_encrypt() and cryptography_decrypt() functions do not free allocated buffers when the KMC server returns a non-200 HTTP status code. Each failed request leaks approximately 467 bytes, so repeated failures can lead to memory exhaustion. The issue occurs when interacting with the KMC server.

Recommendations

Update to CryptoLib version 1.4.3 or later.
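
The error-path leak described above, as an added example that is not CryptoLib's code: a leaky and a corrected request function run against a small fixed-size pool, so that exhaustion after repeated non-200 responses is observable. The function names, buffer sizes, pool and status values are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed bounded pool standing in for finite process memory. */
#define POOL_SLOTS 64
static void *pool[POOL_SLOTS];
static void *pool_alloc(size_t n) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i]) return pool[i] = malloc(n);
    return NULL;                          /* pool exhausted */
}
static void pool_free(void *p) {
    for (int i = 0; p && i < POOL_SLOTS; i++)
        if (pool[i] == p) { pool[i] = NULL; free(p); return; }
}
int pool_in_use(void) {
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += pool[i] != NULL;
    return n;
}
void pool_reset(void) {                   /* helper: release everything still held */
    for (int i = 0; i < POOL_SLOTS; i++) { free(pool[i]); pool[i] = NULL; }
}

/* Hypothetical request: `status` is the HTTP code the simulated KMC returns. */
int request_leaky(long status) {
    char *uri = pool_alloc(256), *body = pool_alloc(128);
    if (!uri || !body) { pool_free(uri); pool_free(body); return -1; }
    if (status != 200) return -2;         /* early return: both buffers leak */
    pool_free(body); pool_free(uri);
    return 0;
}

/* Corrected shape: the non-200 path reaches the same cleanup as success. */
int request_fixed(long status) {
    int rc = 0;
    char *uri = pool_alloc(256), *body = pool_alloc(128);
    if (!uri || !body) rc = -1;
    else if (status != 200) rc = -2;      /* error path falls through to cleanup */
    pool_free(body); pool_free(uri);      /* single exit frees on every path */
    return rc;
}

int main(void) {
    for (int i = 0; i < 32; i++) request_leaky(503);
    printf("leaky: %d slots held, next 200 -> %d\n", pool_in_use(), request_leaky(200));
    pool_reset();
    for (int i = 0; i < 1000; i++) request_fixed(503);
    printf("fixed: %d slots held, next 200 -> %d\n", pool_in_use(), request_fixed(200));
    return 0;
}
```

In the leaky variant, 32 failed requests fill the pool and the next request fails to allocate even though the server would answer 200; the corrected variant holds nothing after 1000 failures.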

Exploit

Fix

Memory Leak

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2026-22025
GHSA-H74X-VWWR-MM5G

Affected Products

Cryptolib