Eclipse Foundation · Eclipse Cyclonedds · CVE-2024-10838
Name of the Vulnerable Software and Affected Versions:
The product name cannot be determined.
Description:
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory, potentially leading to the inclusion of secret data or pointers that reveal the layout of the address space into a deserialized data structure. This could result in thread crashes or denial of service conditions. Unauthenticated users could exploit this issue to access sensitive data or crash threads.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.