Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CryptoLib Memory Leak on HTTP Error Response in KMC Client
Vulnerability Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3.
CVSS Information
N/A
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Vulnerability Title
CryptoLib 安全漏洞
Vulnerability Description
CryptoLib是NASA开源的一个应用程序。用于使用 CCSDS 空间数据链路安全协议提供纯软件解决方案。 CryptoLib 1.4.3之前版本存在安全漏洞,该漏洞源于KMC服务器返回非200状态码时未释放已分配缓冲区,可能导致内存耗尽。
CVSS Information
N/A
Vulnerability Type
N/A