Cyclone DDS
by Eclipse
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18735 | | High | 0.49 | 7.5 | 0.02 | | Aug 23, 2021 | A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. |
| CVE-2021-38443 | | Medium | 0.43 | 6.6 | 0.02 | | May 5, 2022 | Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. |
| CVE-2021-38441 | | Medium | 0.43 | 6.6 | 0.02 | | May 5, 2022 | Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. |
| CVE-2025-67109 | | | 0.00 | — | 0.00 | | Dec 23, 2025 | Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges. |