CVE-2025-54878
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-27
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nasa | cryptolib | up to 1.4.1 (excluding 1.4.1) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54878 is a heap buffer overflow vulnerability in NASA CryptoLib version 1.4.0 and prior. It occurs in the Initialization Vector (IV) setup logic for telecommand frames, where missing bounds checks allow copying one byte beyond the allocated heap buffer. An attacker can supply a crafted telecommand frame that causes this overflow, leading to heap corruption and undefined behavior such as crashes or potentially more severe exploitation. [2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to corrupt heap memory by sending a malformed telecommand frame. The resulting undefined behavior can cause the software to crash, leading to denial of service, or potentially allow more severe exploitation such as unauthorized code execution or system compromise. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for malformed telecommand (TC) frames that trigger the heap buffer overflow in the IV setup logic. Specifically, sending or capturing TC frames with an 11-byte payload similar to the proof of concept (e.g., 0x20030004de0000000000) can help identify the vulnerability. Debugging tools like GDB can be used to inspect buffer sizes and local variables during processing. Additionally, AddressSanitizer (ASan) can detect heap-buffer-overflow errors when running the vulnerable CryptoLib code. There are no explicit commands provided, but using packet capture tools to filter telecommand frames and running the CryptoLib binary under ASan or GDB while feeding suspicious TC frames would be effective approaches. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade to CryptoLib version 1.4.1 or later, where the vulnerability has been patched. The patch includes stricter bounds checking and frame size validation to prevent the heap buffer overflow. Until the upgrade can be applied, it is advisable to implement input validation to reject malformed telecommand frames, especially those with suspicious IV lengths or frame sizes below the defined minimum (e.g., TC_MIN_FRAME_SIZE set to 5). Monitoring and filtering network traffic to block potentially malicious telecommand frames can also reduce risk. [2, 1]
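A bounds-checked IV setup of the kind the mitigation describes, as an added example that is not CryptoLib's code: the frame-size check uses the page's TC_MIN_FRAME_SIZE of 5, while the function name, status codes and sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TC_MIN_FRAME_SIZE 5  /* minimum TC frame size named on this page */
/* Hypothetical status codes for the helper below. */
enum tc_status { TC_OK = 0, TC_ERR_NULL = -1, TC_ERR_SHORT_FRAME = -2,
                 TC_ERR_IV_RANGE = -3, TC_ERR_IV_CAP = -4 };

/* Copy iv_len IV bytes found at iv_offset in a received TC frame into a
 * destination buffer of iv_cap bytes. Reads stay inside the frame and writes
 * stay inside the destination, so a one-byte overrun cannot happen. */
int tc_setup_iv(const uint8_t *frame, size_t frame_len, size_t iv_offset,
                size_t iv_len, uint8_t *iv, size_t iv_cap) {
    if (frame == NULL || iv == NULL)
        return TC_ERR_NULL;
    if (frame_len < TC_MIN_FRAME_SIZE)            /* frame size validation */
        return TC_ERR_SHORT_FRAME;
    /* Source bounds, as a subtraction so the arithmetic cannot wrap. */
    if (iv_offset > frame_len || iv_len > frame_len - iv_offset)
        return TC_ERR_IV_RANGE;
    if (iv_len > iv_cap)                           /* destination bounds */
        return TC_ERR_IV_CAP;
    memcpy(iv, frame + iv_offset, iv_len);
    return TC_OK;
}

/* Constructed inputs (not from the advisory) that exercise each check. */
int demo_short_frame(void) {
    uint8_t frame[4] = {0}, iv[16];
    return tc_setup_iv(frame, sizeof frame, 0, 4, iv, sizeof iv);
}
int demo_iv_past_frame_end(void) {
    uint8_t frame[12] = {0}, iv[16];
    return tc_setup_iv(frame, sizeof frame, 10, 4, iv, sizeof iv); /* 10+4 > 12 */
}
/* The page's failure mode: heap buffer of 4 bytes, request to copy 5. */
int demo_iv_one_past_heap_buffer(void) {
    uint8_t frame[12] = {0}, *iv = malloc(4);
    int rc = iv ? tc_setup_iv(frame, sizeof frame, 0, 5, iv, 4) : TC_ERR_NULL;
    free(iv);
    return rc;
}
int demo_valid_iv(void) {
    uint8_t frame[12] = {1, 2, 3, 4, 5, 6, 0xA1, 0xA2, 0xA3, 0xA4, 0, 0}, iv[4];
    if (tc_setup_iv(frame, sizeof frame, 6, 4, iv, sizeof iv) != TC_OK) return 0;
    return memcmp(iv, frame + 6, 4) == 0;  /* 1 when the IV arrived intact */
}
```

Running the helper under AddressSanitizer, as the detection answer above suggests, confirms that the rejected cases never touch memory past either buffer.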