Unrated severity · NVD Advisory · Published Oct 16, 2023 · Updated Feb 13, 2025
Malformed DATA submessage leads to bad-free error in Fast-DDS
CVE-2023-42459
Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages can be sent to a discovery locator, which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control, which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
- github.com/eProsima/Fast-DDS/issues/3207 (mitre, x_refsource_MISC)
- github.com/eProsima/Fast-DDS/pull/3824 (mitre, x_refsource_MISC)
- github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm (mitre, x_refsource_CONFIRM)
- www.debian.org/security/2023/dsa-5568 (mitre)