PT-2023-4900 · Eprosima+2 · Eprosima Fast Dds+2
Squizz617
·
Published
2023-08-11
·
Updated
2023-08-24
·
CVE-2023-39948
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
eprosima Fast DDS versions prior to 2.10.0 and 2.6.5
Description
The issue is related to insufficient handling of exceptional states in the eprosima Fast DDS library, which is a C++ implementation of the Data Distribution Service standard of the Object Management Group. This can allow a remote attacker to cause a denial of service by crashing any Fast DDS process. The
BadParamException thrown by Fast CDR is not caught in Fast DDS, leading to this vulnerability.Recommendations
To resolve the issue, update to version 2.10.0 or 2.6.5, as these versions contain a patch for this issue.
As a temporary workaround, consider implementing exception handling for the
BadParamException thrown by Fast CDR to prevent remote crashes of Fast DDS processes.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Eprosima Fast Dds