Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for OpenDDS by OpenDDS
CVE-2023-37915 (GCVE-0-2023-37915)
Vulnerability from nvd – Published: 2023-07-21 20:02 – Updated: 2024-10-10 18:56
VLAI
Title
Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS
Summary
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenDDS/OpenDDS/security/advis… | x_refsource_CONFIRM |
| https://github.com/OpenDDS/OpenDDS/releases/tag/D… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenDDS | OpenDDS |
Affected:
< 3.25
|
|
| objectcomputing | opendds |
Affected:
0 , < 3.25
(custom)
cpe:2.3:a:objectcomputing:opendds:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:objectcomputing:opendds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "opendds",
"vendor": "objectcomputing",
"versions": [
{
"lessThan": "3.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37915",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:21:18.234632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:56:19.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenDDS",
"vendor": "OpenDDS",
"versions": [
{
"status": "affected",
"version": "\u003c 3.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T20:02:07.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25"
}
],
"source": {
"advisory": "GHSA-v5pp-7prc-5xq9",
"discovery": "UNKNOWN"
},
"title": "Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37915",
"datePublished": "2023-07-21T20:02:07.734Z",
"dateReserved": "2023-07-10T17:51:29.612Z",
"dateUpdated": "2024-10-10T18:56:19.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23932 (GCVE-0-2023-23932)
Vulnerability from nvd – Published: 2023-02-03 20:08 – Updated: 2025-03-10 21:16
VLAI
Title
Specially crafted RTPS message may cause an OpenDDS application to crash
Summary
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenDDS/OpenDDS/security/advis… | x_refsource_CONFIRM |
| https://github.com/OpenDDS/OpenDDS/releases/tag/D… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:27.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:11.115138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:50.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenDDS",
"vendor": "OpenDDS",
"versions": [
{
"status": "affected",
"version": "\u003c 3.23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T20:08:31.160Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1"
}
],
"source": {
"advisory": "GHSA-8wvq-25f5-f8h4",
"discovery": "UNKNOWN"
},
"title": "Specially crafted RTPS message may cause an OpenDDS application to crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23932",
"datePublished": "2023-02-03T20:08:31.160Z",
"dateReserved": "2023-01-19T21:12:31.360Z",
"dateUpdated": "2025-03-10T21:16:50.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37915 (GCVE-0-2023-37915)
Vulnerability from cvelistv5 – Published: 2023-07-21 20:02 – Updated: 2024-10-10 18:56
VLAI
Title
Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS
Summary
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenDDS/OpenDDS/security/advis… | x_refsource_CONFIRM |
| https://github.com/OpenDDS/OpenDDS/releases/tag/D… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenDDS | OpenDDS |
Affected:
< 3.25
|
|
| objectcomputing | opendds |
Affected:
0 , < 3.25
(custom)
cpe:2.3:a:objectcomputing:opendds:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:objectcomputing:opendds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "opendds",
"vendor": "objectcomputing",
"versions": [
{
"lessThan": "3.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37915",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:21:18.234632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:56:19.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenDDS",
"vendor": "OpenDDS",
"versions": [
{
"status": "affected",
"version": "\u003c 3.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T20:02:07.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25"
}
],
"source": {
"advisory": "GHSA-v5pp-7prc-5xq9",
"discovery": "UNKNOWN"
},
"title": "Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37915",
"datePublished": "2023-07-21T20:02:07.734Z",
"dateReserved": "2023-07-10T17:51:29.612Z",
"dateUpdated": "2024-10-10T18:56:19.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23932 (GCVE-0-2023-23932)
Vulnerability from cvelistv5 – Published: 2023-02-03 20:08 – Updated: 2025-03-10 21:16
VLAI
Title
Specially crafted RTPS message may cause an OpenDDS application to crash
Summary
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenDDS/OpenDDS/security/advis… | x_refsource_CONFIRM |
| https://github.com/OpenDDS/OpenDDS/releases/tag/D… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:27.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:11.115138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:50.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenDDS",
"vendor": "OpenDDS",
"versions": [
{
"status": "affected",
"version": "\u003c 3.23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T20:08:31.160Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4"
},
{
"name": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1"
}
],
"source": {
"advisory": "GHSA-8wvq-25f5-f8h4",
"discovery": "UNKNOWN"
},
"title": "Specially crafted RTPS message may cause an OpenDDS application to crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23932",
"datePublished": "2023-02-03T20:08:31.160Z",
"dateReserved": "2023-01-19T21:12:31.360Z",
"dateUpdated": "2025-03-10T21:16:50.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}