Memory Leak Vulnerability in CryptoLib Affecting NASA's Core Flight System
CVE-2025-29910

5.5MEDIUM

Key Information:

Vendor: Nasa
Status: Cryptolib
Vendor: CVE Published:; 17 March 2025

What is CVE-2025-29910?

A memory leak has been detected in the crypto_handle_incrementing_nontransmitted_counter function of CryptoLib, which is utilized in securing communications between spacecraft and ground stations. This flaw arises from the allocation of memory via malloc without adequate freeing of that memory, causing resource depletion over time. Particularly in long-running processes and environments processing substantial amounts of data, this vulnerability could impair system performance or lead to a Denial of Service. As of now, no patched versions have been released to address this issue, posing significant risks to systems reliant on CryptoLib for high-throughput or continuous data streams.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CryptoLib <= 1.3.3

References

https://github.com/nasa/CryptoLib/security/advisories/GHS...

x_refsource_CONFIRM

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 17, 2025
Vulnerability Reserved
Mar 12, 2025

JSON

Nasa

What is CVE-2025-29910?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.