Description

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, a heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DoS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

PUBLISHED Reserved 2024-03-26 | Published 2024-05-13 | Updated 2024-08-02 | Assigner GitHub_M




HIGH: 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-122: Heap-based Buffer Overflow

Product status

= 2.14.0: affected

>= 2.13.0, < 2.13.5: affected

>= 2.10.0, < 2.10.4: affected

< 2.6.8: affected

References

github.com/...st-DDS/security/advisories/GHSA-qcj9-939p-p662

drive.google.com/...OJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing

vimeo.com/907641887?share=copy

cve.org (CVE-2024-30259)

nvd.nist.gov (CVE-2024-30259)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.