VYPR

Vendor CVEs

Eprosima

All CVEs

32 total · sorted by risk
  • CVE-2025-62600HigFeb 3, 2026
    risk 0.56cvss 8.6epss 0.00

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a…

  • CVE-2025-62599HigFeb 3, 2026
    risk 0.56cvss 8.6epss 0.00

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a…

  • CVE-2025-63548HigMay 1, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.

  • CVE-2025-63547HigMay 1, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field

  • CVE-2024-26369HigMar 19, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.

  • CVE-2025-64438Feb 3, 2026
    risk 0.00cvss epss 0.01

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP…

  • CVE-2025-64098Feb 3, 2026
    risk 0.00cvss epss 0.00

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes…

  • CVE-2025-62799Feb 3, 2026
    risk 0.00cvss epss 0.00

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit a…

  • CVE-2025-62603Feb 3, 2026
    risk 0.00cvss epss 0.01

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after…

  • CVE-2025-62602Feb 3, 2026
    risk 0.00cvss epss 0.00

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes…

  • CVE-2025-62601Feb 3, 2026
    risk 0.00cvss epss 0.01

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes…

  • CVE-2025-67108Dec 23, 2025
    risk 0.00cvss epss 0.00

    eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

  • CVE-2025-65865Dec 23, 2025
    risk 0.00cvss epss 0.00

    An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-63829Nov 18, 2025
    risk 0.00cvss epss 0.00

    eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.

  • CVE-2025-24807Feb 11, 2025
    risk 0.00cvss epss 0.00

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date…

  • CVE-2024-30259May 13, 2024
    risk 0.00cvss epss 0.01

    FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can…

  • CVE-2024-30258May 13, 2024
    risk 0.00cvss epss 0.01

    FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can…

  • CVE-2024-30916Apr 11, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component.

  • CVE-2024-30917Apr 11, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component.

  • CVE-2024-28231Mar 20, 2024
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the…

  • CVE-2023-50716Mar 6, 2024
    risk 0.00cvss epss 0.01

    eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process…

  • CVE-2023-50257Feb 19, 2024
    risk 0.00cvss epss 0.00

    eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not…

  • CVE-2023-42459Oct 16, 2023
    risk 0.00cvss epss 0.01

    Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process.…

  • CVE-2023-39949Aug 11, 2023
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS…

  • CVE-2023-39948Aug 11, 2023
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions…

  • CVE-2023-39947Aug 11, 2023
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a…

  • CVE-2023-39946Aug 11, 2023
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger…

  • CVE-2023-39945Aug 11, 2023
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes…

  • CVE-2023-39534Aug 11, 2023
    risk 0.00cvss epss 0.01

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a…

  • CVE-2021-38425May 5, 2022
    risk 0.00cvss epss 0.05

    eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure.

  • CVE-2019-15137Aug 18, 2019
    risk 0.00cvss epss 0.01

    The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.

  • CVE-2019-15136Aug 18, 2019
    risk 0.00cvss epss 0.01

    The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition.