PT-2024-23302 · Fastdds+1

Mirusu400 · Published 2024-05-13 · Updated 2024-07-07 · CVE-2024-30258

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
FastDDS versions prior to 2.14.1
FastDDS versions prior to 2.13.5
FastDDS versions prior to 2.10.4
FastDDS versions prior to 2.6.8

Description
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). When a publisher sends a malformed RTPS packet, the subscriber crashes while creating a pthread. This can remotely crash any Fast-DDS process, potentially leading to a denial-of-service (DoS) attack.

Recommendations
For versions prior to 2.14.1, update to version 2.14.1 or later.
For versions prior to 2.13.5, update to version 2.13.5 or later.
For versions prior to 2.10.4, update to version 2.10.4 or later.
For versions prior to 2.6.8, update to version 2.6.8 or later.
As a temporary workaround, consider restricting access to the RTPS packet handler to minimize the risk of exploitation.

Exploit · Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

CVE-2024-30258
GHSA-53XW-465J-RXFH

Affected Products

Debian
Fastdds