NASA CryptoLib Heap Buffer Overflow Vulnerability in Telecommand IV Setup

Vulnerability

A heap buffer overflow vulnerability has been identified in NASA CryptoLib versions through 1.4.0. The issue arises in the Initialization Vector (IV) setup logic for telecommand frames, where missing bounds checks allow writes past the end of the allocated buffer. It can be exploited by sending a crafted telecommand frame, leading to heap corruption and undefined behavior, such as application crashes or more severe exploitation.
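The kind of bounds checking whose absence is described above, as an added example: this is not CryptoLib's code and not the 1.4.1 fix, which this page does not show. It assumes a design in which the frame carries some or all of the IV bytes and the library copies them into a heap-allocated IV; `sa_cfg_t`, `setup_iv` and the error codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types and names for illustration; not taken from CryptoLib. */
typedef struct {
    uint8_t iv_len;    /* full IV length configured for the security association */
    uint8_t tx_iv_len; /* number of IV bytes actually carried in the frame */
} sa_cfg_t;

enum { IV_OK = 0, IV_ERR_CONFIG = -1, IV_ERR_FRAME_TOO_SHORT = -2, IV_ERR_NOMEM = -3 };

/* Build the full IV on the heap from the IV bytes carried in a received frame.
 * frame/frame_len: the received telecommand frame; iv_off: offset of its IV field.
 * Each length is validated against the allocation and the frame before any copy. */
int setup_iv(const sa_cfg_t *sa, const uint8_t *frame, size_t frame_len,
             size_t iv_off, uint8_t **iv_out)
{
    *iv_out = NULL;

    /* Destination check: the transmitted part must fit in the allocated IV. */
    if (sa->iv_len == 0 || sa->tx_iv_len > sa->iv_len)
        return IV_ERR_CONFIG;

    /* Source check, written so that iv_off + tx_iv_len cannot wrap around. */
    if (iv_off > frame_len || (size_t)sa->tx_iv_len > frame_len - iv_off)
        return IV_ERR_FRAME_TOO_SHORT;

    uint8_t *iv = calloc(sa->iv_len, 1);
    if (iv == NULL)
        return IV_ERR_NOMEM;

    /* Assumed layout: transmitted bytes fill the tail of the IV, the rest stays zero. */
    memcpy(iv + (sa->iv_len - sa->tx_iv_len), frame + iv_off, sa->tx_iv_len);
    *iv_out = iv;
    return IV_OK;
}
```

The caller owns the returned buffer and frees it; on any error no buffer is allocated and `*iv_out` stays `NULL`.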

Impact

Exploitation of this vulnerability causes heap memory corruption, leading to undefined behavior that could manifest as a crash or allow for more severe exploitation.

Reproduction

The vulnerability can be reproduced by sending a telecommand frame that is crafted to overwrite the heap buffer. This can be done using a binary file that contains the malicious payload, which is then processed by the CryptoLib application with AddressSanitizer enabled. AddressSanitizer will report a heap buffer overflow error, confirming that the out-of-bounds write was triggered.

Remediation

Users can upgrade to NASA CryptoLib version 1.4.1, which addresses this vulnerability.

Added: Aug 11, 2025, 9:17 PM
Updated: Aug 11, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.