Out-of-Bounds Heap Read Vulnerability in CryptoLib for Securing Space Communications
CVE-2026-22023

8.2HIGH

Key Information:

Vendor

Nasa

Status
Cryptolib
Vendor
CVE Published:
10 January 2026

What is CVE-2026-22023?

CryptoLib, a software solution by NASA that utilizes the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for securing communications between spacecraft and ground stations, has an out-of-bounds heap read vulnerability in the cryptography_aead_encrypt() function. This vulnerability, present in versions prior to 1.4.3, poses serious risks to the integrity of secure communications. Users are advised to update to version 1.4.3 or later to mitigate potential exploitation.

Affected Version(s)

CryptoLib < 1.4.3

References

https://github.com/nasa/CryptoLib/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb22...
x_refsource_MISC
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
x_refsource_MISC

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.