CVE-2023-39945

Name of the Vulnerable Software and Affected Versions eprosima Fast DDS versions prior to 2.11.0 eprosima Fast DDS versions prior to 2.10.2 eprosima Fast DDS versions prior to 2.9.2 eprosima Fast DDS versions prior to 2.6.5

Description The issue is related to an error in exception handling in the eprosima Fast DDS library, which is a C++ implementation of the Data Distribution Service standard of the Object Management Group. When a data submessage is sent to the PDP port, it raises an unhandled BadParamException in fastcdr, causing fastdds to crash. This could allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 2.11.0, update to version 2.11.0 or later. For versions prior to 2.10.2, update to version 2.10.2 or later. For versions prior to 2.9.2, update to version 2.9.2 or later. For versions prior to 2.6.5, update to version 2.6.5 or later. As a temporary workaround, consider restricting access to the PDP port to minimize the risk of exploitation.