CVE-2023-39948

Name of the Vulnerable Software and Affected Versions eprosima Fast DDS versions prior to 2.10.0 and 2.6.5

Description The issue is related to insufficient handling of exceptional states in the eprosima Fast DDS library, which is a C++ implementation of the Data Distribution Service standard of the Object Management Group. This can allow a remote attacker to cause a denial of service by crashing any Fast DDS process. The BadParamException thrown by Fast CDR is not caught in Fast DDS, leading to this vulnerability.

Recommendations To resolve the issue, update to version 2.10.0 or 2.6.5, as these versions contain a patch for this issue. As a temporary workaround, consider implementing exception handling for the BadParamException thrown by Fast CDR to prevent remote crashes of Fast DDS processes.