PT-2023-27168 · Eprosima+2 · Eprosima Fast Dds+2
Squizz617 · Published 2023-08-11 · Updated 2023-08-24 · CVE-2023-39946
CVSS v3.1: 8.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
eprosima Fast DDS versions prior to 2.11.1
eprosima Fast DDS versions prior to 2.10.2
eprosima Fast DDS versions prior to 2.9.2
eprosima Fast DDS versions prior to 2.6.6
Description
The issue is a heap overflow that can be triggered by providing a PID_PROPERTY_LIST parameter containing a CDR string whose length is larger than the size of the actual content. This occurs in the eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper function, where memcpy is called to copy the octet'ized length and then the data into properties_.data. The data and size can be controlled by anyone sending the CDR string to the discovery multicast port, allowing for a remote crash of any Fast-DDS process.
Recommendations
For versions prior to 2.11.1, update to version 2.11.1 or later.
For versions prior to 2.10.2, update to version 2.10.2 or later.
For versions prior to 2.9.2, update to version 2.9.2 or later.
For versions prior to 2.6.6, update to version 2.6.6 or later.
As a temporary workaround, consider restricting access to the discovery multicast port to minimize the risk of exploitation.
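The condition named in the description, a CDR length field larger than the bytes that actually follow it, is caught by validating the declared length before any copy. The C code below is an added example, not Fast DDS source and not the project's fix; prop_buf, copy_cdr_string and the status codes are hypothetical names, and it assumes a little-endian length field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; this is not Fast DDS source code. */
enum cdr_status { CDR_OK = 0, CDR_TRUNCATED = -1, CDR_NO_SPACE = -2 };
struct prop_buf { uint8_t *data; size_t capacity; size_t used; };

/* Read a little-endian 32-bit length without alignment assumptions. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy one CDR string (4-byte length, then bytes) from src[*off..src_len)
 * into dst. The declared length comes from the network, so it is checked
 * against the bytes received and the space left in dst before memcpy runs.
 * CDR alignment padding is not handled here. */
int copy_cdr_string(struct prop_buf *dst, const uint8_t *src,
                    size_t src_len, size_t *off)
{
    if (*off > src_len || src_len - *off < 4)
        return CDR_TRUNCATED;                 /* no room for the length */
    uint32_t declared = read_le32(src + *off);
    if (declared > src_len - *off - 4)
        return CDR_TRUNCATED;                 /* length exceeds content */
    size_t need = 4 + (size_t)declared;
    if (dst->used > dst->capacity || need > dst->capacity - dst->used)
        return CDR_NO_SPACE;                  /* destination too small */
    memcpy(dst->data + dst->used, src + *off, need);
    dst->used += need;
    *off += need;
    return CDR_OK;
}

int main(void)
{
    /* Constructed samples: "ab\0" declared as 3 bytes, then as 64 bytes. */
    const uint8_t good[] = { 3, 0, 0, 0, 'a', 'b', 0 };
    const uint8_t bad[]  = { 64, 0, 0, 0, 'a', 'b', 0 };
    uint8_t store[16];
    struct prop_buf dst = { store, sizeof store, 0 };
    size_t off = 0;
    printf("good: %d\n", copy_cdr_string(&dst, good, sizeof good, &off));
    off = 0;
    printf("bad:  %d\n", copy_cdr_string(&dst, bad, sizeof bad, &off));
    return 0;
}
```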
Exploit
Fix
Memory Corruption
Heap Based Buffer Overflow
Related identifiers
Affected products
Linuxmint
Ubuntu
Eprosima Fast Dds