- Description
- FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25329FD4-C1B1-4531-9D30-6ED8E1962020",
"versionEndExcluding": "2.6.8"
},
{
"criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "853DA35B-E938-4744-9342-EB4057ED7FC7",
"versionEndExcluding": "2.10.4",
"versionStartIncluding": "2.10.0"
},
{
"criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34FCC01E-72D0-4CF2-A849-C869BB9CA898",
"versionEndExcluding": "2.13.5",
"versionStartIncluding": "2.13.0"
},
{
"criteria": "cpe:2.3:a:eprosima:fast_dds:2.14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1186C20-32E4-45D1-8CBA-63BFA962441B"
}
],
"operator": "OR"
}
]
}
]