CVE-2025-29912
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-29912
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29912.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-29912
- Aliases
-
- GHSA-3f5x-r59x-p8cf
- Published
- 2025-03-17T23:15:18Z
- Modified
- 2025-05-07T22:50:43.284691Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the
Crypto_TC_ProcessSecurityfunction of CryptoLib leads to a heap buffer overflow. The vulnerability is triggered when thefl(frame length) field in a Telecommand (TC) packet is set to 0. This underflow causes the frame length to be interpreted as 65535, resulting in out-of-bounds memory access. This critical vulnerability can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution. Users of CryptoLib are advised to apply the recommended patch or avoid processing untrusted TC packets until a fix is available. - References