In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
Link | Tags |
---|---|
https://securitybynature.fr/post/hacking-cryptolib/ | third party advisory exploit |
https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 | patch |
https://github.com/nasa/CryptoLib/pull/358 | patch issue tracking |
https://github.com/nasa/CryptoLib/pull/359 | patch issue tracking |