An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XEclipse Cyclone Data Distribution Service
APPEclipse< 0.10.5
Related vulnerabilities
Eclipse Cyclone DDS — błędna weryfikacja czasu certyfikatu umożliwia eskalację uprawnień
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscribe...
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscribe...
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...