HIGH🇬🇧 English

CVE-2023-42459

CVSS 8.6v3.1pub. 2023-10-16upd. 2025-04-11

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  • Eprosima Fast Dds

    APP
    Eprosima
    < 2.6.72.10.0 – 2.10.3 (bez)2.11.0 – 2.11.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2025-67108CRITICAL10.0PL ✓ten sam produkt

eProsima Fast-DDS: błędna walidacja odwołania certyfikatów/tokenów

CVE-2024-28231CRITICAL9.6PL ✓ten sam produkt

Heap buffer overflow w eprosima Fast DDS via manipulowany DATA Submessage

CVE-2023-50716CRITICAL9.6PL ✓ten sam produkt

eProsima Fast DDS — use-after-free przez nieprawidłowy pakiet DATA_FRAG

CVE-2023-50257CRITICAL9.6PL ✓ten sam produkt

eProsima Fast DDS — podatność rozłączenia subskrybentów RTPS w SROS2

CVE-2025-62599HIGH8.6ten sam produkt

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object M...