CryptoLib Heap Buffer Overflow Vulnerability in Telecommand Processing Function Allowing Denial-of-Service and Potential Remote Code Execution

Vulnerability

A heap buffer overflow vulnerability has been identified in CryptoLib versions through 1.3.3. The issue arises in the 'Crypto_TC_ApplySecurity()' function, which is responsible for processing Telecommand (TC) frames. The vulnerability allows an attacker to craft a malicious TC frame that triggers out-of-bounds memory writes. This can lead to a denial-of-service condition by crashing the process or, under certain circumstances, allow for remote code execution. The vulnerability is particularly concerning for applications or systems that use CryptoLib for TC processing and do not properly validate incoming TC frames, such as satellite ground stations or mission control software.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can corrupt memory, leading to a process crash (denial-of-service) or, in systems with weak heap protections, remote code execution.

Reproduction

The vulnerability can be reproduced by compiling CryptoLib with AddressSanitizer enabled and passing a test frame that exploits the buffer overflow to the vulnerable 'Crypto_TC_ApplySecurity()' function, which then triggers the heap buffer overflow.

Remediation

Users are advised to update to the patched version of CryptoLib, which is available on the project's GitHub repository.
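
For callers that hand received TC frames to the library without validating them, the following is an added example of an ingress length check; it is not code from this advisory or from the CryptoLib project. It relies only on the CCSDS TC primary header layout (5 octets, 10-bit frame length stored as total octets minus one). The function name, the sec_overhead parameter and the sample frames are assumptions made for illustration. The advisory does not state the root cause of the overflow, so this check complements the update rather than replacing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TC_HDR_LEN   5u     /* CCSDS TC primary header length in octets */
#define TC_MAX_FRAME 1024u  /* largest frame the 10-bit length field can describe */

typedef enum { TC_OK, TC_ERR_NULL, TC_ERR_SHORT, TC_ERR_VERSION,
               TC_ERR_LENGTH, TC_ERR_NO_ROOM } tc_check_t;

/* Hypothetical helper: reject a TC frame before it reaches the library.
 * sec_overhead is the number of octets the caller expects security
 * processing to add (caller-supplied assumption, not a CryptoLib constant). */
tc_check_t tc_frame_precheck(const uint8_t *buf, size_t len, size_t sec_overhead)
{
    if (buf == NULL)        return TC_ERR_NULL;
    if (len < TC_HDR_LEN)   return TC_ERR_SHORT;    /* header not fully present */
    if ((buf[0] >> 6) != 0) return TC_ERR_VERSION;  /* TC frames carry version 0 */

    /* Length field: low 2 bits of octet 2, then octet 3, stored as total - 1. */
    size_t declared = ((((size_t)buf[2] & 0x03u) << 8) | buf[3]) + 1u;

    if (declared != len)    return TC_ERR_LENGTH;   /* header disagrees with bytes received */
    if (sec_overhead > TC_MAX_FRAME - declared)
        return TC_ERR_NO_ROOM;                      /* secured frame would exceed 1024 octets */
    return TC_OK;
}

/* Constructed sample: 5-octet header followed by 3 data octets. */
static const uint8_t SAMPLE_OK[]  = {0x20, 0x03, 0x00, 0x07, 0x00, 0xAA, 0xBB, 0xCC};
/* Constructed sample: same 8 octets, but the length field claims 1024. */
static const uint8_t SAMPLE_LIE[] = {0x20, 0x03, 0x03, 0xFF, 0x00, 0xAA, 0xBB, 0xCC};

int main(void)
{
    /* 26 is a constructed overhead value used only for this demonstration. */
    printf("ok=%d lie=%d\n",
           (int)tc_frame_precheck(SAMPLE_OK, sizeof SAMPLE_OK, 26),
           (int)tc_frame_precheck(SAMPLE_LIE, sizeof SAMPLE_LIE, 26));
    return 0;
}
```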

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.7
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.