Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2026-22697

Good to know:

icon
icon

Date: January 9, 2026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.

Severity Score

Related Resources (4)

https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4
https://nvd.nist.gov/vuln/detail/CVE-2026-22697
https://www.mend.io/vulnerability-database/CVE-2026-22697

Severity Score

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/nasa/CryptoLib.git - v1.4.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us