PT-2023-4903 · Eprosima+2 · Eprosima Fast Dds+2

Squizz617

Publicado

2023-08-11

Atualizado

2023-08-24

CVE-2023-39947

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions eprosima Fast DDS versions prior to 2.11.1 eprosima Fast DDS versions prior to 2.10.2 eprosima Fast DDS versions prior to 2.9.2 eprosima Fast DDS versions prior to 2.6.6

Description The issue is caused by a heap overflow in the dynamic memory due to malformed PID PROPERTY LIST parameters. This can allow a remote attacker to cause a denial of service, crashing any Fast-DDS process.

Recommendations For versions prior to 2.11.1, update to version 2.11.1 or later. For versions prior to 2.10.2, update to version 2.10.2 or later. For versions prior to 2.9.2, update to version 2.9.2 or later. For versions prior to 2.6.6, update to version 2.6.6 or later. As a temporary workaround, consider restricting the use of PID PROPERTY LIST parameters until a patch is applied.

Exploit

Correção

Memory Corruption

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-122

Identificadores relacionados

BDU:2023-05396

CVE-2023-39947

DSA-5481-1

GHSA-MF55-5747-C4PV

USN-6306-1

Produtos afetados

Linuxmint

Ubuntu

Eprosima Fast Dds

PT-2023-4903 · Eprosima+2 · Eprosima Fast Dds+2

CVE-2023-39947

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27