Buffer Overflow Vulnerability in CryptoLib by NASA
CVE-2026-22027

5.7MEDIUM

Key Information:

Vendor

Nasa

Status
Cryptolib
Vendor
CVE Published:
10 January 2026

What is CVE-2026-22027?

The CryptoLib, used for securing communications between spacecraft and ground stations, has a buffer overflow vulnerability in the convert_hexstring_to_byte_array() function. This issue arises from inadequate capacity checks when writing decoded bytes into a user-provided buffer. A malformed or oversized hex string from the database could exploit this vulnerability, corrupting adjacent heap memory and potentially leading to unexpected behavior or system compromise. This vulnerability has been addressed in version 1.4.3.

Affected Version(s)

CryptoLib < 1.4.3

References

https://github.com/nasa/CryptoLib/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb22...
x_refsource_MISC
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
x_refsource_MISC

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.