PT-2023-7345 · Fastdds · Fastdds
Squizz617 · Published 2023-10-16 · Updated 2023-11-28 · CVE-2023-42459
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Fast DDS versions prior to 2.12.0
Fast DDS versions prior to 2.11.3
Fast DDS versions prior to 2.10.3
Fast DDS versions prior to 2.6.7
Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages can be sent to a discovery locator, which may trigger a free error, potentially allowing a remote attacker to crash any Fast DDS process. The call to free() could potentially leave the pointer in the attacker's control, which could lead to a double free.
Recommendations
For versions prior to 2.12.0, upgrade to version 2.12.0 or later.
For versions prior to 2.11.3, upgrade to version 2.11.3 or later.
For versions prior to 2.10.3, upgrade to version 2.10.3 or later.
For versions prior to 2.6.7, upgrade to version 2.6.7 or later.
Exploit
Fix
Use After Free
Double Free
Related identifiers
Affected products
Fastdds