CVE-2026-22697

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3

Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for secure communication between spacecraft and ground stations. Versions prior to 1.4.3 contain a heap buffer overflow in the KMC crypto service integration when decoding Base64-encoded ciphertext/cleartext fields received from the KMC service. The issue arises because the Base64 decoder does not limit the size of the output written to the destination buffer, potentially leading to out-of-bounds writes on the heap. This can result in process crashes and, under certain conditions, code execution. The vulnerability is triggered by oversized Base64 strings within the KMC JSON response. The vulnerable component involves the decoding of ciphertext and cleartext fields.

Recommendations Versions prior to 1.4.3 should be updated to version 1.4.3 or later.