{"id":"CVE-2025-61910","summary":"NASA ION-DTN BPv7 4.1.3s Uncontrolled Memory Allocation that leads to Denial-of-Service","details":"The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service (DoS). The triggering bundle contains an extension block starting at `0x85070201005bbb0e20b4ea001a000927c0...`. The first byte in the extension block (0x85) indicates a CBOR array of five elements of which the first four are numbers (0x07, 0x02, 0x01, 0x00) but the fifth element is a byte string of length 27 (`0x5bbb0e20b4ea001a000927c0...`). The vulnerability seems to be due to processing the fifth element of the array (i.e., the byte string) as replacing it with a number makes the vulnerability no longer be triggered. While parsing this extension block, ION obtains a very large block length, which in the code in `bei.c`:764) seems to be passed from `blockLength` which is an unsigned int, to a 32 bit signed integer `blkSize`. The unsigned to signed conversion causes `blkSize` to hold the value of -369092043, which is then converted into a 64-bit unsigned value inside `MTAKE(blkSize)`, resulting in an attempt to allocate an unrealistic amount of memory, causing the error. As of time of publication, no known patched versions of BPv7 exist.","aliases":["GHSA-xm96-38vj-h28h"],"modified":"2026-04-10T05:32:48.331234Z","published":"2025-10-07T19:31:33.358Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61910.json","cwe_ids":["CWE-789"]},"references":[{"type":"WEB","url":"https://github.com/nasa-jpl/ION-DTN/blob/ion-open-source-4.1.3s/bpv7/library/bei.c#L758-L769"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61910.json"},{"type":"ADVISORY","url":"https://github.com/nasa-jpl/ION-DTN/security/advisories/GHSA-xm96-38vj-h28h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61910"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nasa-jpl/ion-dtn","events":[{"introduced":"0"},{"last_affected":"236eec4f84c333b2886084f4b70435cb4b8e21b8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"= 4.1.3s"}]}}],"versions":["IOS-4.1.1","ion-2.1.0","ion-2.2.0","ion-2.2.1","ion-2.2.1b","ion-2.3.0","ion-2.4.0","ion-2.5.0","ion-3.0.0","ion-3.1.0","ion-3.2.0","ion-3.3.0","ion-3.4.0","ion-3.5.0","ion-3.6.0","ion-4.1.1-release","ion-open-source-4.1.1","ion-open-source-4.1.2","ion-open-source-4.1.3","ion-open-source-4.1.3s"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61910.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}