CVE-2026-22697
Published: 10 January 2026
Summary
CVE-2026-22697 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in NASA CryptoLib. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-22697 is a heap buffer overflow vulnerability (CWE-122) in CryptoLib, a software-only library implementing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for securing communications between spacecraft running the core Flight System (cFS) and ground stations. In versions prior to 1.4.3, the KMC crypto service integration mishandles Base64 decoding of ciphertext or cleartext fields in KMC JSON responses. The destination buffer is allocated based on an expected output length (len_data_out), but the decoder outputs based on the input Base64 length without enforcing bounds, allowing oversized inputs to trigger out-of-bounds heap writes. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker who can supply or tamper with a KMC JSON response consumed by a vulnerable CryptoLib instance (the malicious input is the service's response, so the attacker needs control of the KMC endpoint or of the path between it and CryptoLib) can exploit this by placing an oversized Base64-encoded string in the ciphertext or cleartext field. No authentication or user interaction is required, and the attack complexity is low. Successful exploitation corrupts the heap; the expected outcome is a process crash that disrupts availability (the CVSS vector scores availability impact only), and under certain conditions it could enable arbitrary code execution on the affected system.
NASA's GitHub security advisory (GHSA-qjx3-83jh-2jc4) and release notes for CryptoLib v1.4.3 detail the patch, which addresses the buffer sizing discrepancy in the Base64 decoder to prevent out-of-bounds writes. Security practitioners should upgrade to version 1.4.3 or later and review integrations with KMC services for exposure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1888
Vulnerability details
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib's KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.
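The sizing mismatch described in the deeper analysis and in the details above, shown as an added example that is not CryptoLib's code: the decoder is told the destination capacity, derives the decoded length from the Base64 input before writing anything, and rejects a field whose decoded size exceeds len_data_out. The function names and the kmc_decode_field wrapper (which stands in for the JSON response handling) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decoded byte count implied by a Base64 string: 3 bytes per 4 input
 * characters, minus one per trailing '=' pad. Returns 0 for a length that
 * is not a multiple of 4 (malformed; rejected by the decoder anyway). */
size_t b64_decoded_len(const char *in, size_t in_len)
{
    if (in_len < 4 || in_len % 4 != 0)
        return 0;
    size_t out = (in_len / 4) * 3;
    if (in[in_len - 1] == '=') out--;
    if (in[in_len - 2] == '=') out--;
    return out;
}

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Bounded decoder. In the pattern the advisory describes, the number of
 * bytes written is dictated by the Base64 input alone; here the caller's
 * capacity is checked first and nothing is written if the input would not
 * fit. Returns bytes written, or -1 on malformed input or overflow. */
long b64_decode_bounded(const char *in, size_t in_len, uint8_t *dst, size_t dst_cap)
{
    if (in_len < 4 || in_len % 4 != 0)
        return -1;
    if (b64_decoded_len(in, in_len) > dst_cap)
        return -1;                       /* the check the vulnerable code lacked */

    size_t out = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        int v[4];
        for (int j = 0; j < 4; j++) {
            char c = in[i + j];
            if (c == '=') {
                /* '=' is legal only in the last two slots of the final quantum */
                if (i + 4 != in_len || j < 2)
                    return -1;
                v[j] = 0;
            } else {
                v[j] = b64_val((unsigned char)c);
                if (v[j] < 0)
                    return -1;
            }
        }
        if (in[i + 2] == '=' && in[i + 3] != '=')
            return -1;                   /* "xx=y" is not valid padding */
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        dst[out++] = (uint8_t)(triple >> 16);
        if (in[i + 2] != '=') dst[out++] = (uint8_t)(triple >> 8);
        if (in[i + 3] != '=') dst[out++] = (uint8_t)triple;
    }
    return (long)out;
}

/* Hypothetical stand-in for the KMC field handling, not CryptoLib's API:
 * the buffer is sized from the expected output length (len_data_out) before
 * the response field is decoded. With the bounded decoder, a response whose
 * Base64 decodes to more than that is rejected instead of overrunning the
 * heap. Returns a malloc'd buffer and sets *out_len, or NULL on rejection. */
uint8_t *kmc_decode_field(const char *b64, size_t len_data_out, size_t *out_len)
{
    uint8_t *buf = malloc(len_data_out ? len_data_out : 1);
    if (!buf)
        return NULL;
    long n = b64_decode_bounded(b64, strlen(b64), buf, len_data_out);
    if (n < 0) {
        free(buf);
        return NULL;
    }
    *out_len = (size_t)n;
    return buf;
}

int main(void)
{
    /* Constructed inputs: the caller expects a 5-byte field. */
    size_t n = 0;
    uint8_t *ok = kmc_decode_field("aGVsbG8=", 5, &n);          /* "hello", fits */
    printf("expected-size field: %s (%zu bytes)\n", ok ? "accepted" : "rejected", ok ? n : 0);
    free(ok);
    uint8_t *bad = kmc_decode_field("aGVsbG8gd29ybGQ=", 5, &n); /* 11 bytes, too large */
    printf("oversized field: %s\n", bad ? "accepted" : "rejected");
    free(bad);
    return 0;
}
```

The length check runs before the first write, so an oversized field costs an error return rather than a heap write past the allocation; an integration that knows the exact expected length could tighten the check further and demand that the decoded size equal len_data_out rather than merely fit within it.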
Related Threats
MITRE ATT&CK Enterprise Techniques
Exploit Public-Facing Application (T1190)
Why this technique?
A remote, unauthenticated heap overflow in the handling of network-facing KMC JSON responses maps directly to exploitation of a public-facing application, with denial of service as the scored outcome and remote code execution possible under certain conditions.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires organizations to identify, report, and correct software flaws like the heap buffer overflow in CryptoLib's Base64 decoder, directly enabling timely patching to version 1.4.3 or later.
- SI-10 (Information Input Validation): Mandates validation of information inputs such as oversized Base64 strings in KMC JSON responses to ensure consistency with permitted lengths and formats, preventing out-of-bounds heap writes.
- SI-16 (Memory Protection): Implements memory safeguards like heap protections and exploit mitigations to limit the impact of buffer overflows, reducing the potential for process crashes or code execution.