Unrated severityNVD Advisory· Published Mar 6, 2024· Updated Aug 2, 2024

Invalid DATA_FRAG Submessage causes a bad-free error

CVE-2023-50716

Description

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the Inline_qos, SerializedPayload member of object ch will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.

Affected products

Eprosima/Fast Ddsv5
Range: >= 2.12.0, < 2.12.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2hmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000