CVE-2026-21897 - CryptoLib Plugin
CVE-2026-21897
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
CVE-2026-21897
HIGH
CVSS 7.3
Published 2026-01-10
Updated 2026-01-15
AI Risk High (76/100)
Active Exploit: No strong signal
Published Exploit: Public exploit references found
Priority: P2 Urgent
Severity Band
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Components
1
Reference Links
2
AI Risk Engine
High (76/100)
Exploitability
Medium
Active Exploitation
No strong signal
Published Exploit Status
Public exploit references found
AI Context
Machine-generated threat intelligence
AI
Updated 12 days ago
AI enriched 12 days ago (2026-04-09 07:10 UTC)
Technical Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the…
Potential Impact
Severity is HIGH (CVSS 7.3). Depending on deployment context, affected components may be exposed to unauthorized actions or data integrity risk.
Exploitability Assessment
Exploitability is assessed as Medium based on published exploit references.
Primary risk drivers: published exploit references
Mitigation Recommendations
Validate affected product versions, prioritize patching, and monitor references for vendor remediation guidance. If immediate patching is not possible, apply compensating controls and limit exposure of vulnerable surfaces.
Detection & Monitoring
Track authentication anomalies, unexpected file writes, and suspicious plugin API activity around affected components.
Business Impact Lens
Prioritize remediation where affected components process customer data, admin sessions, or Internet-exposed workflows.
