CVE-2026-22026 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a…
High CVSS: 8.2

CVE-2026-22026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
Vendor
Nasa
Product
Cryptolib
CWE
CWE-789
Yayın Tarihi
2026-01-10 01:16:18
Güncelleme
2026-01-16 16:43:52
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-789 Cryptolib HIGH Nasa 2026

Referanslar

https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7 https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7