CVE-2025-46674

Опубликовано: 27 апр. 2025

Источник: nvd

CVSS3: 3.5

CVSS3: 9.9

EPSS Низкий

Описание

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

Ссылки

https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2
Product
https://github.com/nasa/CryptoLib/pull/365
Patch
https://securitybynature.fr/post/hacking-cryptolib/
Exploit
Press/Media Coverage
https://securitybynature.fr/post/hacking-cryptolib/
Exploit
Press/Media Coverage

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

Версия до 1.3.2 (исключая)

EPSS

Процентиль: 26%

0.00093

Низкий

3.5 Low

CVSS3

9.9 Critical

CVSS3

Дефекты

CWE-489

NVD-CWE-Other

Связанные уязвимости

GHSA-5q7p-2366-vgcc

CVSS3: 3.5

github

10 месяцев назад

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

EPSS

Процентиль: 26%

0.00093

Низкий

3.5 Low

CVSS3

9.9 Critical

CVSS3

Дефекты

CWE-489

NVD-CWE-Other