Memory Leak in CryptoLib Affects NASA's Space Data Link Security Protocol
CVE-2026-22024

6.3MEDIUM

Key Information:

Vendor

Nasa

Status
Cryptolib
Vendor
CVE Published:
10 January 2026

What is CVE-2026-22024?

CryptoLib, utilized for securing communication between spacecraft and ground stations, contains a vulnerability in its cryptography_encrypt() function. Prior to version 1.4.3, this function fails to properly manage memory, resulting in a memory leak of approximately 400 bytes for each HTTP request and JSON parsing. As a result, sustained traffic can lead to significant memory exhaustion. A fix has been implemented in version 1.4.3 to address this issue.

Affected Version(s)

CryptoLib < 1.4.3

References

https://github.com/nasa/CryptoLib/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb22...
x_refsource_MISC
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
x_refsource_MISC

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.