GitHub_MCVELIST:CVE-2023-39945CVE-2023-39945 Malformed serialized data in a data submessage leads to unhandled exception
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
35.2%
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.
CNA Affected
[
{
"vendor": "eProsima",
"product": "Fast-DDS",
"versions": [
{
"version": "< 2.6.5",
"status": "affected"
},
{
"version": ">= 2.7.0, < 2.9.2",
"status": "affected"
},
{
"version": ">= 2.10.0, < 2.10.2",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
35.2%