CVE-2025-61910
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2025-10-08

Assigner: GitHub, Inc.

Description
The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service (DoS). The triggering bundle contains an extension block starting at `0x85070201005bbb0e20b4ea001a000927c0...`. The first byte in the extension block (0x85) indicates a CBOR array of five elements of which the first four are numbers (0x07, 0x02, 0x01, 0x00) but the fifth element is a byte string of length 27 (`0x5bbb0e20b4ea001a000927c0...`). The vulnerability seems to be due to processing the fifth element of the array (i.e., the byte string) as replacing it with a number makes the vulnerability no longer be triggered. While parsing this extension block, ION obtains a very large block length, which in the code in `bei.c`:764) seems to be passed from `blockLength` which is an unsigned int, to a 32 bit signed integer `blkSize`. The unsigned to signed conversion causes `blkSize` to hold the value of -369092043, which is then converted into a 64-bit unsigned value inside `MTAKE(blkSize)`, resulting in an attempt to allocate an unrealistic amount of memory, causing the error. As of time of publication, no known patched versions of BPv7 exist.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2025-10-08
Generated
2026-05-07
AI Q&A
2025-10-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-61910
EUVD
EUVD-2025-33181
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nasa ion-dtn 4.1.3s
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in NASA's Interplanetary Overlay Network (ION) Delay/Disruption Tolerant Networking (DTN) implementation version 4.1.3s. A malformed BPv7 bundle extension block causes the software to misinterpret a large block length due to an unsigned to signed integer conversion error. This leads to an attempt to allocate an unrealistic amount of memory, causing uncontrolled memory allocation and ultimately terminating the receiver thread, resulting in a Denial-of-Service (DoS).


How can this vulnerability impact me? :

The vulnerability can cause a Denial-of-Service (DoS) by terminating the receiver thread in the ION-DTN software when processing a specially crafted bundle. This means that the affected system could become unavailable or stop processing data correctly, potentially disrupting communications that rely on this network software.


What immediate steps should I take to mitigate this vulnerability?

Since no patched versions of BPv7 exist as of the publication date, immediate mitigation steps include monitoring and filtering incoming BPv7 bundles to block those containing malformed extension blocks similar to the described pattern starting with 0x85070201005bbb0e20b4ea001a000927c0..., and avoiding processing untrusted or suspicious bundles. Additionally, consider isolating or limiting access to the ION-DTN 4.1.3s service to trusted sources only to reduce exposure.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart