Search criteria
19 vulnerabilities by eProsima
CVE-2025-24807 (GCVE-0-2025-24807)
Vulnerability from cvelistv5 – Published: 2025-02-11 15:31 – Updated: 2025-02-11 16:12
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which causes an expired PermissionsCA to be taken as valid. Even though this issue is responsible for allowing `governance/permissions` from an expired PermissionsCA and having the system crash when PermissionsCA is not self-signed and contains the full-chain, the impact is low. Versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 contain a fix for the issue.
Severity ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:12:29.982265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:12:41.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.10"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.10.7"
},
{
"status": "affected",
"version": "\u003e= 2.11.0, \u003c 2.14.5"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.2"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which causes an expired PermissionsCA to be taken as valid. Even though this issue is responsible for allowing `governance/permissions` from an expired PermissionsCA and having the system crash when PermissionsCA is not self-signed and contains the full-chain, the impact is low. Versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 contain a fix for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:31:50.337Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983"
},
{
"name": "https://github.com/eProsima/Fast-DDS/pull/5530",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/pull/5530"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L390-L396",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L390-L396"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L412",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L412"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/authentication/PKIDH.cpp#L241",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/authentication/PKIDH.cpp#L241"
},
{
"name": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"
}
],
"source": {
"advisory": "GHSA-w33g-jmm2-8983",
"discovery": "UNKNOWN"
},
"title": "Fast DDS does not verify Permissions CA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24807",
"datePublished": "2025-02-11T15:31:50.337Z",
"dateReserved": "2025-01-23T17:11:35.840Z",
"dateUpdated": "2025-02-11T16:12:41.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24010 (GCVE-0-2023-24010)
Vulnerability from cvelistv5 – Published: 2025-01-09 14:36 – Updated: 2025-01-09 20:05
VLAI?
Summary
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
Severity ?
8.2 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Credits
amrc-benmorrow
Gianluca Caizza
Ruffin White
Victor Mayoral Vilches
Mikael Arguedas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24010",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T15:29:56.704739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T15:30:17.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "sros2",
"product": "DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "amrc-benmorrow"
},
{
"lang": "en",
"type": "finder",
"value": "Gianluca Caizza"
},
{
"lang": "en",
"type": "finder",
"value": "Ruffin White"
},
{
"lang": "en",
"type": "finder",
"value": "Victor Mayoral Vilches"
},
{
"lang": "en",
"type": "finder",
"value": "Mikael Arguedas"
}
],
"datePublic": "2023-02-25T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate\u2019s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures."
}
],
"value": "An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate\u2019s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T20:05:48.421277Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://github.com/ros2/sros2/issues/282"
},
{
"url": "https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Instead of including the Permission CA into the store of trusted certificates to use for chain verification, the Permission CA (and only the Permission CA) should be included in the set of certificates in which to search for signer\u0027s certificates. The store of trusted certificates to use for chain verification should then also be set to null. 2) With the store of trusted certificates to use for chain verification set to null, the PKCS7_NOVERIFY flag should then be enabled so any signer\u0027s certificates (i.e. only the Permission CA) is not chain verified. 3) Given that only a valid signer\u0027s certificate must be the Permission CA, the PKCS7_NOINTERN flag should then be enabled so any set of certificates in the message itself are not searched when locating the signer\u0027s certificates."
}
],
"value": "Instead of including the Permission CA into the store of trusted certificates to use for chain verification, the Permission CA (and only the Permission CA) should be included in the set of certificates in which to search for signer\u0027s certificates. The store of trusted certificates to use for chain verification should then also be set to null. 2) With the store of trusted certificates to use for chain verification set to null, the PKCS7_NOVERIFY flag should then be enabled so any signer\u0027s certificates (i.e. only the Permission CA) is not chain verified. 3) Given that only a valid signer\u0027s certificate must be the Permission CA, the PKCS7_NOINTERN flag should then be enabled so any set of certificates in the message itself are not searched when locating the signer\u0027s certificates."
}
],
"source": {
"advisory": "RVD#3345",
"discovery": "EXTERNAL"
},
"title": "Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-24010",
"datePublished": "2025-01-09T14:36:05.972Z",
"dateReserved": "2023-01-20T12:00:57.059Z",
"dateUpdated": "2025-01-09T20:05:48.421277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30259 (GCVE-0-2024-30259)
Vulnerability from cvelistv5 – Published: 2024-05-13 14:45 – Updated: 2024-08-02 01:32
VLAI?
Summary
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.10.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "2.10.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.13.5",
"status": "affected",
"version": "2.13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"status": "affected",
"version": "2.14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30259",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T19:24:09.926583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T18:16:26.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:05.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662"
},
{
"name": "https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing"
},
{
"name": "https://vimeo.com/907641887?share=copy",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vimeo.com/907641887?share=copy"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "= 2.14.0"
},
{
"status": "affected",
"version": "\u003e= 2.13.0, \u003c 2.13.5"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.4"
},
{
"status": "affected",
"version": "\u003c 2.6.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T14:45:28.134Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662"
},
{
"name": "https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing"
},
{
"name": "https://vimeo.com/907641887?share=copy",
"tags": [
"x_refsource_MISC"
],
"url": "https://vimeo.com/907641887?share=copy"
}
],
"source": {
"advisory": "GHSA-qcj9-939p-p662",
"discovery": "UNKNOWN"
},
"title": "FastDDS heap buffer overflow when publisher sends malformed packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30259",
"datePublished": "2024-05-13T14:45:28.134Z",
"dateReserved": "2024-03-26T12:52:00.934Z",
"dateUpdated": "2024-08-02T01:32:05.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30258 (GCVE-0-2024-30258)
Vulnerability from cvelistv5 – Published: 2024-05-13 14:41 – Updated: 2024-08-02 01:32
VLAI?
Summary
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
Severity ?
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T19:52:29.397980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:13.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:05.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b"
},
{
"name": "https://drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "= 2.14.0"
},
{
"status": "affected",
"version": "\u003e= 2.13.0, \u003c 2.13.5"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.4"
},
{
"status": "affected",
"version": "\u003c 2.6.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T14:41:52.318Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b"
},
{
"name": "https://drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing"
}
],
"source": {
"advisory": "GHSA-53xw-465j-rxfh",
"discovery": "UNKNOWN"
},
"title": "FastDDS crash when publisher send malformed packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30258",
"datePublished": "2024-05-13T14:41:52.318Z",
"dateReserved": "2024-03-26T12:52:00.934Z",
"dateUpdated": "2024-08-02T01:32:05.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30916 (GCVE-0-2024-30916)
Vulnerability from cvelistv5 – Published: 2024-04-11 00:00 – Updated: 2025-02-10 22:45
VLAI?
Summary
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component.
Severity ?
4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:39:00.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/4609"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T20:20:33.744192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T22:45:11.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-11T05:22:46.573Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/issues/4609"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30916",
"datePublished": "2024-04-11T00:00:00.000Z",
"dateReserved": "2024-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-10T22:45:11.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30917 (GCVE-0-2024-30917)
Vulnerability from cvelistv5 – Published: 2024-04-11 00:00 – Updated: 2024-08-02 01:39
VLAI?
Summary
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"status": "affected",
"version": "2.14.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30917",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:44:00.988478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-229",
"description": "CWE-229 Improper Handling of Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:51:14.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:39:00.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/4609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-11T05:22:48.355729",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/issues/4609"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30917",
"datePublished": "2024-04-11T00:00:00",
"dateReserved": "2024-03-27T00:00:00",
"dateUpdated": "2024-08-02T01:39:00.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28231 (GCVE-0-2024-28231)
Vulnerability from cvelistv5 – Published: 2024-03-20 20:03 – Updated: 2024-08-02 00:48
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.
Severity ?
9.7 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:2.13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.13.4",
"status": "affected",
"version": "2.13.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28231",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T18:04:46.844368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T18:12:42.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.8"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.10.4"
},
{
"status": "affected",
"version": "\u003e= 2.11.0, \u003c 2.12.2"
},
{
"status": "affected",
"version": "\u003e= 2.13.0, \u003c 2.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T20:03:18.402Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b"
}
],
"source": {
"advisory": "GHSA-9m2j-qw67-ph4w",
"discovery": "UNKNOWN"
},
"title": "Manipulated DATA Submessage causes a heap-buffer-overflow error"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28231",
"datePublished": "2024-03-20T20:03:18.402Z",
"dateReserved": "2024-03-07T14:33:30.034Z",
"dateUpdated": "2024-08-02T00:48:49.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50716 (GCVE-0-2023-50716)
Vulnerability from cvelistv5 – Published: 2024-03-06 17:23 – Updated: 2024-08-02 22:16
VLAI?
Summary
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.
Severity ?
9.7 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T19:52:53.644084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:09.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.12.0, \u003c 2.12.2"
},
{
"status": "affected",
"version": "\u003e= 2.11.0, \u003c 2.11.3"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.3"
},
{
"status": "affected",
"version": "\u003c 2.6.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a \u0027bad-free\u0027 error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T17:23:55.916Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h"
}
],
"source": {
"advisory": "GHSA-5m2f-hvj2-cx2h",
"discovery": "UNKNOWN"
},
"title": "Invalid DATA_FRAG Submessage causes a bad-free error"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50716",
"datePublished": "2024-03-06T17:23:55.916Z",
"dateReserved": "2023-12-11T17:53:36.029Z",
"dateUpdated": "2024-08-02T22:16:47.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50257 (GCVE-0-2023-50257)
Vulnerability from cvelistv5 – Published: 2024-02-19 19:22 – Updated: 2024-08-14 13:54
VLAI?
Summary
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.
Severity ?
9.7 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eProsima | Fast-DDS |
Affected:
>= 2.12.0, < 2.12.2
Affected: >= 2.11.0, < 2.11.3 Affected: >= 2.7.0, < 2.10.3 Affected: < 2.6.7 Affected: FastDDS = 2.10.2-2 Affected: RMW - FastDDS = 7.1.1-2 Affected: FastDDS = 2.6.6-1 Affected: RMW - FastDDS = 6.2.3.1 Affected: FastDDS = 2.3.6-6 Affected: RMW - FastDDS = 5.0.2-1 Affected: FastDDS = 2.1.4-1 Affected: RMW - FastDDS = 1.3.2-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/072cbc9d6a71d869a5cbed1873c0cdd6cf67cda4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/072cbc9d6a71d869a5cbed1873c0cdd6cf67cda4"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/e1869863c06db7fbb366ae53760fbe6e754be026",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/e1869863c06db7fbb366ae53760fbe6e754be026"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/f07a0213e655202188840b864be4438ae1067a13",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/f07a0213e655202188840b864be4438ae1067a13"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_dds",
"vendor": "eprosima",
"versions": [
{
"lessThan": "2.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.11.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50257",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:51:37.335841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:54:54.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.12.0, \u003c 2.12.2"
},
{
"status": "affected",
"version": "\u003e= 2.11.0, \u003c 2.11.3"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.10.3"
},
{
"status": "affected",
"version": "\u003c 2.6.7"
},
{
"status": "affected",
"version": "FastDDS = 2.10.2-2"
},
{
"status": "affected",
"version": "RMW - FastDDS = 7.1.1-2"
},
{
"status": "affected",
"version": "FastDDS = 2.6.6-1"
},
{
"status": "affected",
"version": "RMW - FastDDS = 6.2.3.1"
},
{
"status": "affected",
"version": "FastDDS = 2.3.6-6"
},
{
"status": "affected",
"version": "RMW - FastDDS = 5.0.2-1"
},
{
"status": "affected",
"version": "FastDDS = 2.1.4-1"
},
{
"status": "affected",
"version": "RMW - FastDDS = 1.3.2-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T19:22:45.526Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/072cbc9d6a71d869a5cbed1873c0cdd6cf67cda4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/072cbc9d6a71d869a5cbed1873c0cdd6cf67cda4"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/e1869863c06db7fbb366ae53760fbe6e754be026",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/e1869863c06db7fbb366ae53760fbe6e754be026"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/f07a0213e655202188840b864be4438ae1067a13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/f07a0213e655202188840b864be4438ae1067a13"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86"
}
],
"source": {
"advisory": "GHSA-v5r6-8mvh-cp98",
"discovery": "UNKNOWN"
},
"title": "Disconnect Vulnerability in RTPS Packets Used by SROS2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50257",
"datePublished": "2024-02-19T19:22:45.526Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2024-08-14T13:54:54.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42459 (GCVE-0-2023-42459)
Vulnerability from cvelistv5 – Published: 2023-10-16 20:56 – Updated: 2025-02-13 17:09
VLAI?
Summary
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
8.6 (High)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm"
},
{
"name": "https://github.com/eProsima/Fast-DDS/issues/3207",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/3207"
},
{
"name": "https://github.com/eProsima/Fast-DDS/pull/3824",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/pull/3824"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T16:15:17.004500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:15:25.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.11.0, \u003c= 2.11.1"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.3"
},
{
"status": "affected",
"version": "\u003c 2.6.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-590",
"description": "CWE-590: Free of Memory not on the Heap",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T01:06:14.051Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm"
},
{
"name": "https://github.com/eProsima/Fast-DDS/issues/3207",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/3207"
},
{
"name": "https://github.com/eProsima/Fast-DDS/pull/3824",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/pull/3824"
},
{
"url": "https://www.debian.org/security/2023/dsa-5568"
}
],
"source": {
"advisory": "GHSA-gq8g-fj58-22gm",
"discovery": "UNKNOWN"
},
"title": "Malformed DATA submessage leads to bad-free error in Fast-DDS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42459",
"datePublished": "2023-10-16T20:56:04.284Z",
"dateReserved": "2023-09-08T20:57:45.574Z",
"dateUpdated": "2025-02-13T17:09:23.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39949 (GCVE-0-2023-39949)
Vulnerability from cvelistv5 – Published: 2023-08-11 13:55 – Updated: 2025-02-13 17:03
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg"
},
{
"name": "https://github.com/eProsima/Fast-DDS/issues/3236",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/3236"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39949",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T18:16:14.050913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:16:30.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.9.1"
},
{
"status": "affected",
"version": "\u003c 2.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T03:06:17.242Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg"
},
{
"name": "https://github.com/eProsima/Fast-DDS/issues/3236",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/3236"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059"
},
{
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"source": {
"advisory": "GHSA-3jv9-j9x3-95cg",
"discovery": "UNKNOWN"
},
"title": "Improper validation of sequence numbers leading to remotely reachable assertion failure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39949",
"datePublished": "2023-08-11T13:55:14.350Z",
"dateReserved": "2023-08-07T16:27:27.074Z",
"dateUpdated": "2025-02-13T17:03:18.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39948 (GCVE-0-2023-39948)
Vulnerability from cvelistv5 – Published: 2023-08-11 13:51 – Updated: 2025-02-13 17:03
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.
Severity ?
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f"
},
{
"name": "https://github.com/eProsima/Fast-DDS/issues/3422",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/3422"
},
{
"name": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39948",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T18:17:56.742500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:18:58.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.5"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T03:06:18.795Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f"
},
{
"name": "https://github.com/eProsima/Fast-DDS/issues/3422",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/issues/3422"
},
{
"name": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip"
},
{
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"source": {
"advisory": "GHSA-x9pj-vrgf-f68f",
"discovery": "UNKNOWN"
},
"title": "Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39948",
"datePublished": "2023-08-11T13:51:38.871Z",
"dateReserved": "2023-08-07T16:27:27.074Z",
"dateUpdated": "2025-02-13T17:03:18.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39947 (GCVE-0-2023-39947)
Vulnerability from cvelistv5 – Published: 2023-08-11 13:43 – Updated: 2025-02-13 17:03
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.
Severity ?
8.2 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:09:15.744600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:09:26.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.6"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.9.2"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.2"
},
{
"status": "affected",
"version": "= 2.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T03:06:10.852Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc"
},
{
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"source": {
"advisory": "GHSA-mf55-5747-c4pv",
"discovery": "UNKNOWN"
},
"title": "Another heap overflow in push_back_helper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39947",
"datePublished": "2023-08-11T13:43:26.484Z",
"dateReserved": "2023-08-07T16:27:27.074Z",
"dateUpdated": "2025-02-13T17:03:17.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39946 (GCVE-0-2023-39946)
Vulnerability from cvelistv5 – Published: 2023-08-11 13:37 – Updated: 2025-02-13 17:03
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.
Severity ?
8.2 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39946",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:22:11.929256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:22:26.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.6"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.9.2"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.2"
},
{
"status": "affected",
"version": "= 2.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet\u0027ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T03:06:14.033Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx"
},
{
"name": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc"
},
{
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"source": {
"advisory": "GHSA-j297-rg6j-m7hx",
"discovery": "UNKNOWN"
},
"title": "Heap overflow in push_back_helper due to a CDR message"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39946",
"datePublished": "2023-08-11T13:37:07.478Z",
"dateReserved": "2023-08-07T16:27:27.074Z",
"dateUpdated": "2025-02-13T17:03:16.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39945 (GCVE-0-2023-39945)
Vulnerability from cvelistv5 – Published: 2023-08-11 13:21 – Updated: 2025-02-13 17:03
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.
Severity ?
8.2 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9"
},
{
"name": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap"
},
{
"name": "https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39945",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T18:53:33.089778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:53:52.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.5"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.9.2"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T03:06:12.473Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9"
},
{
"name": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap",
"tags": [
"x_refsource_MISC"
],
"url": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap"
},
{
"name": "https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79"
},
{
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"source": {
"advisory": "GHSA-2rq6-8j7x-frr9",
"discovery": "UNKNOWN"
},
"title": "Malformed serialized data in a data submessage leads to unhandled exception"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39945",
"datePublished": "2023-08-11T13:21:53.298Z",
"dateReserved": "2023-08-07T16:27:27.074Z",
"dateUpdated": "2025-02-13T17:03:16.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39534 (GCVE-0-2023-39534)
Vulnerability from cvelistv5 – Published: 2023-08-11 13:12 – Updated: 2025-02-13 17:03
VLAI?
Summary
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp"
},
{
"name": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39534",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T18:56:42.571569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:56:49.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast-DDS",
"vendor": "eProsima",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.5"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T03:06:15.558Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp"
},
{
"name": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap",
"tags": [
"x_refsource_MISC"
],
"url": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252"
},
{
"name": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863"
},
{
"url": "https://www.debian.org/security/2023/dsa-5481"
}
],
"source": {
"advisory": "GHSA-fcr6-x23w-94wp",
"discovery": "UNKNOWN"
},
"title": "Malformed GAP submessage triggers assertion failure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39534",
"datePublished": "2023-08-11T13:12:00.633Z",
"dateReserved": "2023-08-03T16:27:36.264Z",
"dateUpdated": "2025-02-13T17:03:12.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38425 (GCVE-0-2021-38425)
Vulnerability from cvelistv5 – Published: 2022-05-05 15:24 – Updated: 2025-04-16 16:23
VLAI?
Summary
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure.
Severity ?
7.5 (High)
CWE
- CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), Víctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-DDS"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:35.212159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:23:11.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fast DDS",
"vendor": "eProsima",
"versions": [
{
"lessThan": "2.4.0 (#2269)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), V\u00edctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research."
}
],
"descriptions": [
{
"lang": "en",
"value": "eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-406",
"description": "CWE-406 Insufficient Control of Network Message Volume (Network Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T15:24:24.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eProsima/Fast-DDS"
}
],
"solutions": [
{
"lang": "en",
"value": "eProsima recommends users apply the latest Fast DDS patches.\nhttps://github.com/eProsima/Fast-DDS"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "eProsima Fast DDS Network Amplification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38425",
"STATE": "PUBLIC",
"TITLE": "eProsima Fast DDS Network Amplification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fast DDS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.4.0 (#2269)"
}
]
}
}
]
},
"vendor_name": "eProsima"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), V\u00edctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-406 Insufficient Control of Network Message Volume (Network Amplification)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"
},
{
"name": "https://github.com/eProsima/Fast-DDS",
"refsource": "CONFIRM",
"url": "https://github.com/eProsima/Fast-DDS"
}
]
},
"solution": [
{
"lang": "en",
"value": "eProsima recommends users apply the latest Fast DDS patches.\nhttps://github.com/eProsima/Fast-DDS"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38425",
"datePublished": "2022-05-05T15:24:24.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:23:11.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15137 (GCVE-0-2019-15137)
Vulnerability from cvelistv5 – Published: 2019-08-18 15:44 – Updated: 2024-08-05 00:34
VLAI?
Summary
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/1908.05310"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-RTPS/issues/441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-18T15:44:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/1908.05310"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-RTPS/issues/441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://arxiv.org/abs/1908.05310",
"refsource": "MISC",
"url": "https://arxiv.org/abs/1908.05310"
},
{
"name": "https://github.com/eProsima/Fast-RTPS/issues/441",
"refsource": "MISC",
"url": "https://github.com/eProsima/Fast-RTPS/issues/441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15137",
"datePublished": "2019-08-18T15:44:12",
"dateReserved": "2019-08-18T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15136 (GCVE-0-2019-15136)
Vulnerability from cvelistv5 – Published: 2019-08-18 15:43 – Updated: 2024-08-05 00:34
VLAI?
Summary
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/1908.05310"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eProsima/Fast-RTPS/issues/443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-18T15:43:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/1908.05310"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eProsima/Fast-RTPS/issues/443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://arxiv.org/abs/1908.05310",
"refsource": "MISC",
"url": "https://arxiv.org/abs/1908.05310"
},
{
"name": "https://github.com/eProsima/Fast-RTPS/issues/443",
"refsource": "MISC",
"url": "https://github.com/eProsima/Fast-RTPS/issues/443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15136",
"datePublished": "2019-08-18T15:43:46",
"dateReserved": "2019-08-18T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}