Unrated severity · NVD Advisory · Published May 13, 2024 · Updated Aug 2, 2024

FastDDS heap buffer overflow when publisher sends malformed packet

CVE-2024-30259

Description

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, a heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DoS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

Affected products

  • Eprosima/FastDDS (2 versions)
    • (no CPE) range: <2.6.8, >=2.7.0 <2.10.4, >=2.11.0 <2.13.5, >=2.14.0 <2.14.1
    • (no CPE) range: = 2.14.0
