Published: 11/08/2023 Updated: 22/08/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eprosima fast dds
debian debian linux 11.0
debian debian linux 12.0

Debian Bug report logs - #1043548 fastdds: CVE-2023-39945 CVE-2023-39946 CVE-2023-39947 Package: src:fastdds; Maintainer for src:fastdds is Debian Robotics Team <team+robotics@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 12 Aug 2023 20:15:05 UTC Severity: important Tags: secur ...

Multipe security issues were discovered in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), which might result in denial of service or potentially the execution of arbitrary code when processing malformed RTPS packets For the oldstable distribution (bullseye), these problems have been fixed in version 210+ds-9+deb11u1 For ...

NVD-CWE-Other https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap https://www.debian.org/security/2023/dsa-5481 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043548 https://www.debian.org/security/2023/dsa-5481 https://nvd.nist.gov

CVE-2023-39945

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect