VYPR

Cyclone DDS

by Eclipse

CVEs (4)

  • CVE-2020-18735HigAug 23, 2021
    risk 0.49cvss 7.5epss 0.02

    A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.

  • CVE-2021-38443MedMay 5, 2022
    risk 0.43cvss 6.6epss 0.02

    Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.

  • CVE-2021-38441MedMay 5, 2022
    risk 0.43cvss 6.6epss 0.02

    Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

  • CVE-2025-67109Dec 23, 2025
    risk 0.00cvss epss 0.00

    Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

VYPR — Vulnerability Intelligence