Desglaneurs

**Name of the Vulnerable Software and Affected Versions** eprosima Fast DDS versions prior to 2.14.0 eprosima Fast DDS versions prior to 2.13.4 eprosima Fast DDS versions prior to 2.12.3 eprosima Fast DDS versions prior to 2.10.4 eprosima Fast DDS versions prior to 2.6.8 **Description** The issue is related to a manipulated DATA Submessage that can cause a heap overflow error in the Fast-DDS process, allowing it to be terminated remotely. The `payload size` in the DATA Submessage packet is declared as `uint32 t`. When a negative number is input into this variable, it results in an Integer Overflow, eventually leading to a heap-buffer-overflow and causing the program to terminate. **Recommendations** Update to version 2.14.0 or later to resolve the issue. Update to version 2.13.4 or later to resolve the issue. Update to version 2.12.3 or later to resolve the issue. Update to version 2.10.4 or later to resolve the issue. Update to version 2.6.8 or later to resolve the issue. As a temporary workaround, consider validating the `payload size` variable to prevent negative numbers from being input, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** eProsima Fast DDS versions prior to 2.13.0 eProsima Fast DDS versions prior to 2.12.2 eProsima Fast DDS versions prior to 2.11.3 eProsima Fast DDS versions prior to 2.10.3 eProsima Fast DDS versions prior to 2.6.7 **Description** The issue is related to an invalid DATA FRAG Submessage that causes a bad-free error, allowing the Fast-DDS process to be remotely terminated. When an invalid Data Frag packet is sent, the `Inline qos, SerializedPayload` member of object `ch` attempts to release memory without initialization, resulting in a 'bad-free' error. **Recommendations** For versions prior to 2.13.0, update to version 2.13.0 or later. For versions prior to 2.12.2, update to version 2.12.2 or later. For versions prior to 2.11.3, update to version 2.11.3 or later. For versions prior to 2.10.3, update to version 2.10.3 or later. For versions prior to 2.6.7, update to version 2.6.7 or later.

**Name of the Vulnerable Software and Affected Versions** eProsima Fast DDS versions prior to 2.13.0 eProsima Fast DDS versions prior to 2.12.2 eProsima Fast DDS versions prior to 2.11.3 eProsima Fast DDS versions prior to 2.10.3 eProsima Fast DDS versions prior to 2.6.7 **Description** A vulnerability has been discovered in eProsima Fast DDS where a malicious attacker can forcibly disconnect a Subscriber and deny a Subscriber attempting to connect. This is due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted. If the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. **Recommendations** For versions prior to 2.13.0, update to version 2.13.0 or later. For versions prior to 2.12.2, update to version 2.12.2 or later. For versions prior to 2.11.3, update to version 2.11.3 or later. For versions prior to 2.10.3, update to version 2.10.3 or later. For versions prior to 2.6.7, update to version 2.6.7 or later. As a temporary workaround, consider restricting access to the Global Data Space (`239.255.0.1:7400`) to minimize the risk of exploitation. Avoid using the `p[UD]` data and `guid` values in the affected API endpoint until the issue is resolved.