CVE-2023-50716

Name of the Vulnerable Software and Affected Versions eProsima Fast DDS versions prior to 2.13.0 eProsima Fast DDS versions prior to 2.12.2 eProsima Fast DDS versions prior to 2.11.3 eProsima Fast DDS versions prior to 2.10.3 eProsima Fast DDS versions prior to 2.6.7

Description The issue is related to an invalid DATA FRAG Submessage that causes a bad-free error, allowing the Fast-DDS process to be remotely terminated. When an invalid Data Frag packet is sent, the Inline qos, SerializedPayload member of object ch attempts to release memory without initialization, resulting in a 'bad-free' error.

Recommendations For versions prior to 2.13.0, update to version 2.13.0 or later. For versions prior to 2.12.2, update to version 2.12.2 or later. For versions prior to 2.11.3, update to version 2.11.3 or later. For versions prior to 2.10.3, update to version 2.10.3 or later. For versions prior to 2.6.7, update to version 2.6.7 or later.