CVE-2026-21897
Out-of-Bounds Write in CryptoLib SDLS-EP Parameter Handling

Publication date: 2026-01-10

Last updated on: 2026-01-10

Assigner: GitHub, Inc.

Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
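The off-by-one the advisory describes, as an added illustration that is not CryptoLib's own code: a self-contained model in which the managed-parameter array is immediately followed in memory by its counter (assumed layout, with an illustrative entry struct), registered through either the pre-1.4.3 condition `counter > GVCID_MAN_PARAM_SIZE` or the corrected `>=` form, so the write to the one-past-the-end slot and its effect on the counter can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define GVCID_MAN_PARAM_SIZE 250  /* limit named in the advisory */

/* Illustrative entry type; the real CryptoLib struct is assumed, not copied. */
typedef struct { uint8_t tfvn, scid_hi, scid_lo, vcid; } gvcid_param_t;

/* Model of the layout the advisory describes: the managed-parameter array
   with its counter stored immediately after it (assumed layout). */
typedef struct {
    gvcid_param_t entries[GVCID_MAN_PARAM_SIZE];
    uint32_t counter;
} gvcid_table_t;

typedef int (*reject_fn)(uint32_t counter);

/* Pre-1.4.3 condition as stated: only counter > SIZE is rejected, so
   counter == SIZE passes and entries[SIZE] (one past the end) is written. */
int check_vulnerable(uint32_t counter) { return counter > GVCID_MAN_PARAM_SIZE; }

/* Corrected condition: the last valid index is SIZE - 1. */
int check_fixed(uint32_t counter) { return counter >= GVCID_MAN_PARAM_SIZE; }

/* Register one entry. The write goes through the table's raw bytes so the
   overflow stays inside the model object and is observable without UB.
   Returns 0 on success, -1 if rejected. */
int add_entry(gvcid_table_t *t, reject_fn reject, gvcid_param_t p) {
    if (reject(t->counter)) return -1;
    size_t off = (size_t)t->counter * sizeof p;
    if (off + sizeof p > sizeof *t) return -1;  /* keep the model in bounds */
    memcpy((unsigned char *)t + off, &p, sizeof p);  /* may land on counter */
    t->counter++;  /* increments whatever the counter now holds */
    return 0;
}

/* Attempt `attempts` registrations with the given check; report how many were
   accepted and return the final counter value. */
uint32_t fill_table(reject_fn reject, int attempts, int *accepted) {
    gvcid_table_t t;
    memset(&t, 0, sizeof t);
    gvcid_param_t p = { 0xAA, 0xAA, 0xAA, 0xAA };  /* constructed sample entry */
    *accepted = 0;
    for (int i = 0; i < attempts; i++)
        if (add_entry(&t, reject, p) == 0) (*accepted)++;
    return t.counter;  /* vulnerable: 0xAAAAAAAB (251 accepted); fixed: 250 */
}
```

In this model the 251st registration lands on the counter itself, which then holds the entry's bytes plus one, so every later registration is rejected; with different entry contents the corrupted counter could instead steer later writes elsewhere, which is the "arbitrary value" effect the advisory warns about.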
Meta Information
Generated: 2026-06-16
EPSS evaluated: 2026-06-15
Affected Vendors & Products
Vendor  Product    Version / Range
nasa    cryptolib  to 1.4.3 (exc)
nasa    cryptolib  1.4.3
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability is an out-of-bounds write in the Crypto_Config_Add_Gvcid_Managed_Parameters function of the CryptoLib package. The function only checks if gvcid_counter is greater than the maximum allowed size, allowing an entry up to the 251st index to be written. Since the array has only 251 entries indexed 0 to 250, writing to the 251st entry causes a write beyond the array bounds, overwriting the adjacent gvcid_counter variable in memory. This corrupted counter can be set to an arbitrary value, potentially disrupting parameter lookup and registration logic that depends on it. [1]

Impact Analysis

The vulnerability can be exploited remotely over the network without any privileges or user interaction and has low attack complexity. Its impact includes low confidentiality, integrity, and availability losses because the corrupted gvcid_counter may disrupt parameter lookup and registration logic, potentially causing unexpected behavior or denial of service in the system using CryptoLib. [1]

Mitigation Strategies

Upgrade the CryptoLib package to version 1.4.3 or later, as this version includes a patch that fixes the out-of-bounds write vulnerability in the Crypto_Config_Add_Gvcid_Managed_Parameters function. This update addresses the improper index validation and prevents memory corruption issues. [1, 2]
