Lucene search

GitHub_MCVE-2024-30258

HistoryMay 14, 2024 - 3:22 p.m.

CVE-2024-30258

2024-05-1415:22:15

CWE-20

GitHub_M

web.nvd.nist.gov

fastdds

c++

dds

omg

rtps

pthread

dos

cve-2024-30258

vulnerability

patch

nvd

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

15.5%

JSON

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

Affected configurations

Vulners

Node

eprosimafast_dds

eprosimafast_ddsRange2.13.0–2.13.5

eprosimafast_ddsRange2.10.0–2.10.4

eprosimafast_ddsRange<2.6.8

VendorProductVersionCPE
eprosimafast_dds*cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eprosima	fast_dds	*	cpe:2.3:a:eprosima:fast_dds::::::::

CNA Affected

[
  {
    "vendor": "eProsima",
    "product": "Fast-DDS",
    "versions": [
      {
        "version": "= 2.14.0",
        "status": "affected"
      },
      {
        "version": ">= 2.13.0, < 2.13.5",
        "status": "affected"
      },
      {
        "version": ">= 2.10.0, < 2.10.4",
        "status": "affected"
      },
      {
        "version": "< 2.6.8",
        "status": "affected"
      }
    ]
  }
]