NASA CryptoLib Vulnerability Discovered: Out-of-Bounds Read in AOS Subsystem
CVE-2024-44910

7.5 HIGH

Key Information:

Vendor: NASA

Status
Vendor
CVE Published: 27 September 2024

What is CVE-2024-44910?

NASA CryptoLib version 1.3.0 contains an out-of-bounds read vulnerability in its AOS subsystem, specifically in the crypto_aos.c file. The issue may allow attackers to access sensitive data or cause irregular behavior in applications that use this cryptographic library, potentially compromising the integrity of cryptographic operations. Users of CryptoLib should check whether their systems run the affected version and consider implementing mitigations or patches as they become available.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
