NASA CryptoLib
cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*
- <= v1.4.2
A high-severity out-of-bounds write vulnerability has been identified in CryptoLib versions prior to 1.4.3. The issue arises in the Crypto_Config_Add_Gvcid_Managed_Parameters function, which improperly validates the gvcid_counter parameter. This oversight allows the function to accept values that exceed the intended limit, leading to a write operation that extends beyond the allocated array boundary. The overflowed data can overwrite the gvcid_counter variable, potentially disrupting the parameter lookup and registration processes that depend on it.
Exploitation of this vulnerability causes a memory corruption issue by overwriting a counter variable with arbitrary values. This could disrupt the functionality of the parameter management system, leading to incorrect behavior in how parameters are looked up or registered.
Users can upgrade to CryptoLib version 1.4.3 or later to address this vulnerability.
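As an added illustration (not code from CryptoLib or from this advisory), the C sketch below models the failure described above: a counter stored directly after the array it indexes, a bounds check that admits one value too many, and the corrected check. The names param_table, TABLE_MAX, add_weak and add_checked, the four-slot capacity, and the `>` comparison in the weak form are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TABLE_MAX 4u                      /* hypothetical capacity, not CryptoLib's */

/* Simplified model: the counter sits directly after the array it indexes. */
typedef struct {
    uint32_t slots[TABLE_MAX];
    uint32_t counter;
} param_table;

_Static_assert(offsetof(param_table, counter) == sizeof(uint32_t) * TABLE_MAX,
               "model assumes counter is adjacent to the array");

/* Store through a byte pointer into the whole struct so that the model's
 * "one slot past the end" write is well defined and lands on counter. */
static void store_slot(param_table *t, uint32_t idx, uint32_t value)
{
    memcpy((unsigned char *)t + (size_t)idx * sizeof value, &value, sizeof value);
}

/* Weak form (assumed for the model): '>' still admits counter == TABLE_MAX. */
int add_weak(param_table *t, uint32_t value)
{
    if (t->counter > TABLE_MAX) return -1;
    store_slot(t, t->counter, value);     /* at counter == TABLE_MAX this hits counter */
    t->counter++;
    return 0;
}

/* Hardened form: reject any index that is not strictly inside the array. */
int add_checked(param_table *t, uint32_t value)
{
    if (t->counter >= TABLE_MAX) return -1;
    t->slots[t->counter++] = value;
    return 0;
}

/* Fill the table, then attempt one extra registration; returns the final counter. */
uint32_t counter_after_overfill(int (*add)(param_table *, uint32_t), uint32_t extra)
{
    param_table t = {0};
    for (uint32_t i = 0; i < TABLE_MAX; i++) add(&t, 100u + i);
    add(&t, extra);
    return t.counter;
}
```

With the weak form, the value passed as extra ends up in the counter; with the hardened form, the extra call fails and the counter stays at capacity.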