PT-2023-7345 · Fastdds
Squizz617 · Published 2023-10-16 · Updated 2023-11-28
CVE-2023-42459
CVSS v2.0: 9.0 (High)
CVSS v2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Fast DDS versions prior to 2.12.0
Fast DDS versions prior to 2.11.3
Fast DDS versions prior to 2.10.3
Fast DDS versions prior to 2.6.7
Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages sent to a discovery locator can trigger an invalid call to free(), potentially allowing a remote attacker to crash any Fast DDS process. Because the pointer passed to free() could remain under the attacker's control, the same flaw could also lead to a double free.
Recommendations
For versions prior to 2.12.0, upgrade to version 2.12.0 or later.
For versions prior to 2.11.3, upgrade to version 2.11.3 or later.
For versions prior to 2.10.3, upgrade to version 2.10.3 or later.
For versions prior to 2.6.7, upgrade to version 2.6.7 or later.
Weakness types: Use After Free, Double Free
Affected Products: Fastdds