Описание
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3.
Ссылки
- Release Notes
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.3 (исключая)
cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
8.2 High
CVSS3
Дефекты
CWE-125
EPSS
Процентиль: 20%
0.00064
Низкий
8.2 High
CVSS3
Дефекты
CWE-125