PT-2023-26182 · Opendds · Opendds
Squizz617 · Published 2023-07-21 · Updated 2023-08-01 · CVE-2023-37915
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenDDS versions prior to 3.25
Description
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). It crashes while parsing a malformed PID_PROPERTY_LIST in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port.
Recommendations
For versions prior to 3.25, upgrade to version 3.25 to resolve the issue. As a temporary workaround, consider restricting access to the multicast port to minimize the risk of exploitation.
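The description above attributes the crash to parsing a malformed PID_PROPERTY_LIST. As an added example (not OpenDDS code and not the project's fix), the following shows bounds-checked parsing of that parameter's value, assuming the CDR property-sequence layout: a 4-byte count, then name/value strings each prefixed by a 4-byte length that includes the terminating NUL. The names `Reader`, `parse_property_list` and `kMaxProperties`, the 64-entry cap and the sample bytes are hypothetical.

```cpp
// Added example, not OpenDDS code. Reader, parse_property_list and
// kMaxProperties are hypothetical names; the 64-entry cap is an assumed policy.
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

using PropertyList = std::vector<std::pair<std::string, std::string>>;
constexpr uint32_t kMaxProperties = 64;

struct Reader {
    const uint8_t* p; size_t len; size_t pos; bool le;
    bool u32(uint32_t& v) {
        pos = (pos + 3) & ~size_t{3};                  // CDR aligns 4-byte fields
        if (pos > len || len - pos < 4) return false;  // field must fit in the buffer
        uint32_t b[4];
        for (int i = 0; i < 4; ++i) b[i] = p[pos + i];
        v = le ? (b[0] | b[1] << 8 | b[2] << 16 | b[3] << 24)
               : (b[0] << 24 | b[1] << 16 | b[2] << 8 | b[3]);
        pos += 4; return true;
    }
    bool str(std::string& s) {
        uint32_t n;                                    // string length counts the NUL
        if (!u32(n) || n == 0 || n > len - pos) return false;
        if (p[pos + n - 1] != 0) return false;         // must be NUL-terminated
        s.assign(reinterpret_cast<const char*>(p + pos), n - 1);
        pos += n; return true;
    }
};

// Returns false on any malformed input instead of reading past the buffer.
bool parse_property_list(const uint8_t* buf, size_t len, bool le, PropertyList& out) {
    Reader r{buf, len, 0, le};
    uint32_t count;
    if (!r.u32(count) || count > kMaxProperties) return false;  // cap attacker-chosen count
    out.clear();
    for (uint32_t i = 0; i < count; ++i) {
        std::string name, value;
        if (!r.str(name) || !r.str(value)) return false;
        out.emplace_back(std::move(name), std::move(value));
    }
    return true;
}

// Constructed sample: one property, name "a", value "b", little-endian.
const uint8_t kSample[] = {1,0,0,0, 2,0,0,0, 'a',0, 0,0, 2,0,0,0, 'b',0};

int main() { PropertyList p; return parse_property_list(kSample, sizeof kSample, true, p) ? 0 : 1; }
```

Every length and count read from the wire is compared against the remaining buffer before use, so oversized or truncated fields are rejected rather than dereferenced.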
Affected Products
Opendds