HIGH🇬🇧 English

CVE-2021-38445

CVSS 7.0v3.1pub. 2022-05-05upd. 2024-11-21

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
  • Objectcomputing Opendds

    APP
    Objectcomputing
    < 3.18.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-67111HIGH7.5ten sam produkt

An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to caus...

CVE-2023-52427HIGH7.5ten sam produkt

In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits....

CVE-2023-37915HIGH7.5ten sam produkt

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (D...

CVE-2021-38447HIGH8.6ten sam produkt

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood...

CVE-2024-30915MEDIUM4.3ten sam produkt

An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to...