Memory Leak Vulnerability in CryptoLib Affecting NASA's Core Flight System
CVE-2025-29910

5.5 MEDIUM

Key Information:

Vendor

NASA

Status
Vendor
CVE Published:
17 March 2025

What is CVE-2025-29910?

A memory leak exists in the crypto_handle_incrementing_nontransmitted_counter function of CryptoLib, which is used to secure communications between spacecraft and ground stations. The function allocates memory via malloc without adequately freeing it, so resources are depleted over time. In long-running processes and in environments that process substantial amounts of data, this vulnerability could impair system performance or lead to a Denial of Service. As of now, no patched versions have been released to address this issue, which poses significant risks to systems that rely on CryptoLib for high-throughput or continuous data streams.

Affected Version(s)

CryptoLib <= 1.3.3

CVSS V4

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
