
CVE-2023-50716

2024-03-06 18:15:46
CWE-416
GitHub_M
web.nvd.nist.gov
eprosima fast dds
fast rtps
cve-2023-50716
data distribution service
nvd
security vulnerability
denial of service
remote attack

CVSS3: 9.6

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.1
Confidence: High

EPSS: 0
Percentile: 9.0%

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid DATA_FRAG packet is sent, the Inline_qos and SerializedPayload members of object ch will attempt to release memory without having been initialized, resulting in a ‘bad-free’ error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.

Affected configurations

Vulners

Node
eprosima fast_dds, Range 2.12.0 - 2.12.2
OR
eprosima fast_dds, Range 2.11.0 - 2.11.3
OR
eprosima fast_dds, Range 2.10.0 - 2.10.3
OR
eprosima fast_dds, Range <2.6.7

Vendor: eprosima
Product: fast_dds
Version: *
CPE: cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "eProsima",
    "product": "Fast-DDS",
    "versions": [
      {
        "version": ">= 2.12.0, < 2.12.2",
        "status": "affected"
      },
      {
        "version": ">= 2.11.0, < 2.11.3",
        "status": "affected"
      },
      {
        "version": ">= 2.10.0, < 2.10.3",
        "status": "affected"
      },
      {
        "version": "< 2.6.7",
        "status": "affected"
      }
    ]
  }
]
