CVE-2026-22023 PUBLISHED

CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern

Assigner: GitHub_M
Reserved: 05.01.2026 Published: 10.01.2026 Updated: 13.01.2026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.2

Product Status

Vendor nasa
Product CryptoLib
Versions
  • Version < 1.4.3 is affected

References

Problem Types

  • CWE-125: Out-of-bounds Read CWE