Unrated severityNVD Advisory· Published May 13, 2024· Updated Aug 2, 2024

FastDDS crash when publisher send malformed packet

CVE-2024-30258

Description

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

Affected products

Eprosima/Fast Ddsv5
Range: = 2.14.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/viewmitrex_refsource_MISC
github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037bmitrex_refsource_MISC
github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfhmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000