CVE-2025-29912
Published: 17 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-29912 is an unsigned integer underflow vulnerability in the Crypto_TC_ProcessSecurity function of CryptoLib versions 1.3.3 and prior, leading to a heap buffer overflow. CryptoLib is a software-only solution that implements the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. The issue is triggered when the fl (frame length) field in a Telecommand (TC) packet is set to 0, causing the frame length to underflow and be interpreted as 65535, which results in out-of-bounds memory access. It is associated with CWE-122, CWE-191, and CWE-787.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. An attacker capable of sending a malicious TC packet to a vulnerable system can trigger the underflow, enabling denial of service through crashes or potentially remote code execution via controlled memory corruption.
NASA's CryptoLib GitHub security advisory (GHSA-3f5x-r59x-p8cf) and patch commit (ca39cb96f21e76102aefb956d2c8c0ba0bd143ca) recommend applying the fix immediately. Until patched, users should avoid processing untrusted TC packets.
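The length handling described above can be illustrated with a short C example. This is added here and is not CryptoLib's code or the patch itself: the function names, status codes and sample frames are constructed, and the `fl - 1` subtraction is an assumed shape of the unchecked arithmetic, chosen because it reproduces the 65535 value the advisory reports. The checked variant assumes the standard CCSDS TC layout (5-octet primary header, 10-bit frame length field holding total length minus one).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TC_HDR_LEN 5u /* CCSDS TC primary header: 5 octets */

enum tc_status { TC_OK, TC_ERR_SHORT, TC_ERR_FL_TOO_SMALL, TC_ERR_FL_MISMATCH };

/* Constructed sample frames (not captured traffic). */
static const uint8_t FRAME_FL_ZERO[5] = {0x20, 0x03, 0x00, 0x00, 0x00};
static const uint8_t FRAME_VALID[8] = {0x20, 0x03, 0x00, 0x07, 0x00, 0xAA, 0xBB, 0xCC};

/* Frame length field: low 2 bits of octet 2 and all of octet 3 (10 bits). */
static uint16_t tc_read_fl(const uint8_t *frame)
{
    return (uint16_t)(((frame[2] & 0x03u) << 8) | frame[3]);
}

/* Unchecked pattern (assumed shape): subtracting from a sender-controlled
 * uint16_t with no lower-bound test. fl == 0 wraps to 65535. */
uint16_t tc_len_unchecked(const uint8_t *frame)
{
    return (uint16_t)(tc_read_fl(frame) - 1u);
}

/* Checked pattern: compare the declared length with the header size and with
 * the octets actually received before any subtraction, copy or index. */
enum tc_status tc_body_len_checked(const uint8_t *frame, size_t received,
                                   size_t *body_len)
{
    if (frame == NULL || body_len == NULL || received < TC_HDR_LEN)
        return TC_ERR_SHORT;
    size_t declared = (size_t)tc_read_fl(frame) + 1u; /* field is length - 1 */
    if (declared < TC_HDR_LEN)
        return TC_ERR_FL_TOO_SMALL; /* fl == 0 is rejected here */
    if (declared != received)
        return TC_ERR_FL_MISMATCH;  /* field disagrees with the real buffer */
    *body_len = declared - TC_HDR_LEN; /* cannot wrap: declared >= TC_HDR_LEN */
    return TC_OK;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked, fl=0: %u\n", (unsigned)tc_len_unchecked(FRAME_FL_ZERO));
    printf("checked, fl=0: status %d\n",
           tc_body_len_checked(FRAME_FL_ZERO, sizeof FRAME_FL_ZERO, &n));
    return 0;
}
```

The body length returned by the checked function covers everything after the primary header, so any further subtraction (security header, trailer) needs the same lower-bound test before it is performed.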
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote, unauthenticated heap buffer overflow in a network-facing TC packet processing function enables exploitation of a public-facing application for RCE or DoS.