Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-42459

Опубликовано: 16 окт. 2023
Источник: debian
EPSS Низкий

Описание

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
fastddsfixed2.11.2+ds-6package
fastddsnot-affectedbullseyepackage

Примечания

  • https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm

  • https://github.com/eProsima/Fast-DDS/issues/3207

  • https://github.com/eProsima/Fast-DDS/pull/3824

  • https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb

EPSS

Процентиль: 52%
0.00288
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-42459

CVSS3: 8.6
ubuntu
больше 2 лет назад

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2023-42459

CVSS3: 8.6
nvd
больше 2 лет назад

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

fstec логотип

BDU:2023-08376

CVSS3: 8.6
fstec
больше 2 лет назад

Уязвимость библиотеки Fast DDS, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 52%
0.00288
Низкий
Уязвимость CVE-2023-42459