CVE-2025-46673

NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).
Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

29 May 2025, 14:02

Type Values Removed Values Added
References () https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1 - () https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1 - Product
References () https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 - () https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 - Product
References () https://github.com/nasa/CryptoLib/pull/286 - () https://github.com/nasa/CryptoLib/pull/286 - Product
References () https://github.com/nasa/CryptoLib/pull/306 - () https://github.com/nasa/CryptoLib/pull/306 - Product
References () https://securitybynature.fr/post/hacking-cryptolib/ - () https://securitybynature.fr/post/hacking-cryptolib/ - Exploit, Press/Media Coverage
First Time Nasa cryptolib
Nasa
CPE cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

29 Apr 2025, 16:15

Type Values Removed Values Added
References () https://securitybynature.fr/post/hacking-cryptolib/ - () https://securitybynature.fr/post/hacking-cryptolib/ -

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) La NASA CryptoLib anterior a la versión 1.3.2 no verifica si el SA está en estado operativo antes de su uso, lo que posiblemente provoque una evasión del protocolo de seguridad de enlace de datos espaciales (SDLS).

27 Apr 2025, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-27 01:15

Updated : 2025-05-29 14:02


NVD link : CVE-2025-46673

Mitre link : CVE-2025-46673

CVE.ORG link : CVE-2025-46673


JSON object : View

Products Affected

nasa

  • cryptolib
CWE
CWE-913

Improper Control of Dynamically-Managed Code Resources