CVE-2025-29913
Published: 17 March 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-29913 is a critical heap buffer overflow vulnerability in the CryptoLib library, versions 1.3.3 and prior. CryptoLib implements a software-only solution based on the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for securing communications between a spacecraft running the core Flight System (cFS) and a ground station. The flaw resides in the `Crypto_TC_Prep_AAD` function, where an unsigned integer underflow occurs during the computation of `tc_mac_start_index`. This miscalculation fails to ensure the index stays within the bounds of the `ingest` buffer, resulting in an attempt to access an out-of-bounds memory location and a segmentation fault. The issue is associated with CWE-125 (Out-of-bounds Read) and CWE-191 (Integer Underflow), and it persists in the repository as of commit `d3cc420ace96d02a5b7e83d88cbd2e48010d5723`.
The vulnerability can be exploited remotely over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), earning a CVSS v3.1 base score of 9.8 (Critical) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). An attacker capable of sending telecommands (TC) to the affected system—such as a ground station or spacecraft—can supply a maliciously crafted TC frame to trigger the underflow. This leads to a denial of service via segmentation fault or, potentially, remote code execution if the out-of-bounds access allows further exploitation.
The GitHub security advisory at https://github.com/nasa/CryptoLib/security/advisories/GHSA-q4v2-fvrv-qrf6 provides further details on the issue. No specific patches or mitigations are detailed in the available information beyond noting that the flaw is still present in the repository.
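The following is an added illustration of the bug class described above (unsigned integer underflow while computing a MAC start index, followed by an unchecked buffer access); it is not CryptoLib's code. The frame layout constants, the `ingest` buffer sizes, and the function names `mac_start_index_unchecked` and `mac_start_index_checked` are all constructed for this example. The unchecked variant shows how a too-short frame makes the subtraction wrap to a huge value; the checked variant shows the length and bounds validation that rejects such a frame before any memory is touched.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified trailer layout: a MAC followed by a 2-byte
 * frame error control field (FECF). Not CryptoLib's real layout. */
#define TC_HEADER_LEN 5   /* hypothetical primary header length */
#define TC_FECF_LEN   2   /* hypothetical FECF length */

/* Hypothetical result codes for the checked computation. */
enum {
    PREP_OK                  =  0,
    PREP_ERR_FRAME_TOO_SHORT = -1,
    PREP_ERR_INDEX_OOB       = -2
};

/* Vulnerable pattern: the MAC start index is derived by subtracting the
 * trailer length from the frame length with no prior check. When the frame
 * is shorter than the trailer, the unsigned subtraction wraps (CWE-191) and
 * the resulting index points far outside any real buffer (CWE-125). */
size_t mac_start_index_unchecked(size_t frame_len, size_t mac_len, size_t fecf_len)
{
    return frame_len - fecf_len - mac_len;   /* wraps if frame_len < fecf_len + mac_len */
}

/* Hardened pattern: validate the frame length before subtracting, then
 * confirm the computed index plus the MAC fits inside the ingest buffer.
 * On success the index is written to *out_index and PREP_OK is returned. */
int mac_start_index_checked(const uint8_t *ingest, size_t ingest_len,
                            size_t frame_len, size_t mac_len, size_t fecf_len,
                            size_t *out_index)
{
    size_t trailer = mac_len + fecf_len;
    if (trailer < mac_len)                       /* trailer length itself overflowed */
        return PREP_ERR_FRAME_TOO_SHORT;
    if (frame_len < TC_HEADER_LEN + trailer)     /* no room for header + MAC + FECF */
        return PREP_ERR_FRAME_TOO_SHORT;

    size_t idx = frame_len - trailer;            /* cannot wrap after the check above */

    if (ingest == NULL || frame_len > ingest_len || idx + mac_len > ingest_len)
        return PREP_ERR_INDEX_OOB;               /* index or MAC would exceed the buffer */

    *out_index = idx;
    return PREP_OK;
}

int main(void)
{
    /* Constructed ingest buffer; contents are irrelevant to the index math. */
    uint8_t ingest[64] = {0};
    size_t idx = 0;

    /* A well-formed 40-byte frame with a 16-byte MAC: index lands at 22. */
    int rc = mac_start_index_checked(ingest, sizeof ingest, 40, 16, TC_FECF_LEN, &idx);
    printf("valid frame: rc=%d idx=%zu\n", rc, idx);

    /* A 4-byte frame: the unchecked computation wraps to a huge value,
     * the checked computation rejects the frame instead. */
    printf("unchecked idx for 4-byte frame: %zu\n",
           mac_start_index_unchecked(4, 16, TC_FECF_LEN));
    rc = mac_start_index_checked(ingest, sizeof ingest, 4, 16, TC_FECF_LEN, &idx);
    printf("short frame: rc=%d\n", rc);
    return 0;
}
```

The defensive point is the ordering: the length check happens before the subtraction, so the index can never wrap, and the final bounds check ties the index to the actual `ingest` allocation rather than to the frame's self-declared length.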
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote network exploitation (AV:N, PR:N, UI:N) via crafted telecommand frames to trigger memory corruption leading to RCE or DoS, directly mapping to T1190 (Exploit Public-Facing Application) and T1210 (Exploitation of Remote Services).