
A critical security vulnerability has been identified in CryptoLib, a C-based software implementation of the CCSDS Space Data Link Security Protocol (SDLS) and SDLS Extended Procedures (SDLS-EP). This flaw could have severe implications for the security of communications between spacecraft and ground stations.
The vulnerability, tracked as CVE-2025-30216 with a CVSS score of 9.4, is a heap overflow in the Crypto_TM_ProcessSecurity function (crypto_tm.c:1735:8). The issue arises during the processing of the Secondary Header Length of a TM protocol packet.
According to the advisory, “When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet’s total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer p_new_dec_frame”.
This heap overflow allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability.
The Crypto_TM_ProcessSecurity function allocates a buffer (p_new_dec_frame) dynamically based on the packet length (len_ingest) and copies data into it using memcpy. The number of bytes copied is calculated by adding the fixed Primary Header length (6 bytes) and the variable Secondary Header Length (secondary_hdr_len).
However, the vulnerability lies in the absence of a validation check to ensure that the sum of 6 and secondary_hdr_len does not exceed the allocated buffer size (len_ingest).
As the advisory explains, “While the & 0x3F + 1 operation caps secondary_hdr_len at 64 bytes, there is no check to ensure that 6 + secondary_hdr_len does not exceed the total packet length (len_ingest). If len_ingest is smaller than 6 + secondary_hdr_len, the memcpy operation will write beyond the bounds of p_new_dec_frame, causing a heap overflow”.
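As an added illustration that is not CryptoLib's own code, the C program below models the arithmetic the advisory describes (a 6-byte Primary Header plus a Secondary Header Length derived as `(byte & 0x3F) + 1`, copied into a buffer sized from `len_ingest`) beside the bounds check that closes the gap. The frame layout (length field in the first byte after the Primary Header), the function names and the two sample frames are constructed for this example and are assumptions, not details taken from the library.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: models the pattern from the advisory, not CryptoLib code.
 * Layout assumed here: 6-byte Primary Header, then a byte whose low 6 bits
 * (plus one) give the Secondary Header Length, so it ranges 1..64. */
#define TM_PRIMARY_HDR_LEN 6

enum tm_result {
    TM_OK = 0,
    TM_ERR_SHORT_FRAME = -1,        /* frame too short to even hold the length byte */
    TM_ERR_HDR_EXCEEDS_FRAME = -2,  /* 6 + secondary_hdr_len > len_ingest */
    TM_ERR_ALLOC = -3
};

/* Secondary Header Length as the advisory describes it: capped at 64 by the
 * 6-bit mask, but not related to the frame length in any way. */
static size_t tm_secondary_hdr_len(const uint8_t *frame)
{
    return (size_t)(frame[TM_PRIMARY_HDR_LEN] & 0x3F) + 1;
}

/* The unchecked arithmetic: the copy length is taken from the header field
 * alone. The function only returns the number the vulnerable code would hand
 * to memcpy, so a caller can compare it with len_ingest; it does no copy. */
static size_t tm_copy_len_unchecked(const uint8_t *frame, size_t len_ingest)
{
    (void)len_ingest; /* the defect: len_ingest is never consulted */
    return TM_PRIMARY_HDR_LEN + tm_secondary_hdr_len(frame);
}

/* Hardened variant: allocates p_new_dec_frame from len_ingest (as the text
 * describes) and refuses the copy when the headers do not fit in the frame.
 * On TM_OK the caller owns *out and must free() it. */
static int tm_process_headers_checked(const uint8_t *frame, size_t len_ingest,
                                      uint8_t **out, size_t *out_copied)
{
    *out = NULL;
    *out_copied = 0;

    /* Reading the length byte itself needs the Primary Header plus one byte. */
    if (len_ingest < TM_PRIMARY_HDR_LEN + 1)
        return TM_ERR_SHORT_FRAME;

    size_t secondary_hdr_len = tm_secondary_hdr_len(frame);
    size_t copy_len = TM_PRIMARY_HDR_LEN + secondary_hdr_len;

    /* The missing check: the bytes to copy must lie inside the frame that
     * sized the destination buffer. */
    if (copy_len > len_ingest)
        return TM_ERR_HDR_EXCEEDS_FRAME;

    uint8_t *p_new_dec_frame = calloc(len_ingest, 1);
    if (p_new_dec_frame == NULL)
        return TM_ERR_ALLOC;

    memcpy(p_new_dec_frame, frame, copy_len); /* now provably in bounds */
    *out = p_new_dec_frame;
    *out_copied = copy_len;
    return TM_OK;
}

/* Convenience wrapper that only reports the result code. */
static int tm_headers_fit(const uint8_t *frame, size_t len_ingest)
{
    uint8_t *buf = NULL;
    size_t copied = 0;
    int rc = tm_process_headers_checked(frame, len_ingest, &buf, &copied);
    free(buf);
    return rc;
}

/* Constructed sample frames (arbitrary header bytes). */
/* Length byte 0x03 -> secondary_hdr_len 4 -> 10 bytes to copy, fits in 16. */
static const uint8_t kGoodFrame[16] = {
    0x40, 0x01, 0x02, 0x03, 0x04, 0x05, 0x03, 0xAA,
    0xBB, 0xCC, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* Length byte 0x3F -> secondary_hdr_len 64 -> 70 bytes to copy, frame is 10. */
static const uint8_t kTruncatedFrame[10] = {
    0x40, 0x01, 0x02, 0x03, 0x04, 0x05, 0x3F, 0xAA, 0xBB, 0xCC
};

int main(void)
{
    printf("unchecked copy length for truncated frame: %zu (frame is %zu bytes)\n",
           tm_copy_len_unchecked(kTruncatedFrame, sizeof kTruncatedFrame),
           sizeof kTruncatedFrame);
    printf("checked result, good frame: %d\n",
           tm_headers_fit(kGoodFrame, sizeof kGoodFrame));
    printf("checked result, truncated frame: %d\n",
           tm_headers_fit(kTruncatedFrame, sizeof kTruncatedFrame));
    return 0;
}
```

The unchecked function deliberately stops at computing the length rather than performing the copy, so the program shows where the arithmetic leaves the frame without corrupting its own heap; the checked variant is the shape of fix the advisory's wording implies, rejecting the frame before any allocation or copy happens.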
The exploitation of this vulnerability can lead to:
- Denial of Service (DoS): The application may crash or become unstable due to the out-of-bounds memory access, disrupting service availability.
- Remote Code Execution (RCE): Attackers could achieve arbitrary code execution by corrupting adjacent memory structures, compromising the system’s integrity and security.
It is crucial for users of CryptoLib to apply the necessary patches or updates to mitigate this vulnerability and secure their space communication systems.