cve-2025-30216
Vulnerability from cvelistv5
Published
2025-03-25 19:22
Modified
2025-03-25 19:37
Severity ?
EPSS score ?
Summary
CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30216",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T19:37:16.643373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T19:37:44.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet\u0027s total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T19:22:22.645Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f"
},
{
"name": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4"
}
],
"source": {
"advisory": "GHSA-v3jc-5j74-hcjv",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30216",
"datePublished": "2025-03-25T19:22:22.645Z",
"dateReserved": "2025-03-18T18:15:13.850Z",
"dateUpdated": "2025-03-25T19:37:44.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-30216\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-25T20:15:22.567\",\"lastModified\":\"2025-03-27T16:45:46.410\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet\u0027s total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.\"},{\"lang\":\"es\",\"value\":\"CryptoLib ofrece una soluci\u00f3n exclusivamente de software que utiliza el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para proteger las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo (cFS) y una estaci\u00f3n terrestre. En las versiones 1.3.3 y anteriores, se produce una vulnerabilidad de desbordamiento de pila en la funci\u00f3n `Crypto_TM_ProcessSecurity` (`crypto_tm.c:1735:8`). Al procesar la longitud de la cabecera secundaria de un paquete del protocolo TM, si esta supera la longitud total del paquete, se produce un desbordamiento de pila durante la operaci\u00f3n memcpy, que copia los datos del paquete en el b\u00fafer asignado din\u00e1micamente `p_new_dec_frame`. Esto permite a un atacante sobrescribir la memoria de pila adyacente, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o la inestabilidad del sistema. Hay un parche disponible en el commit 810fd66d592c883125272fef123c3240db2f170f.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.