CVE-2023-42459

CVSS V2 None CVSS V3 None

Description

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2023-42459

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-10-16T20:56:04.284Z

Last Modified Date
2023-10-16T20:56:04.284Z

Weakness Enumerations

CWE	URL
CWE-415	http://cwe.mitre.org/data/definitions/415.html
CWE-416	http://cwe.mitre.org/data/definitions/416.html
CWE-590	http://cwe.mitre.org/data/definitions/590.html

References

Reference URL	Reference Tags
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm	x_refsource_CONFIRM
https://github.com/eProsima/Fast-DDS/issues/3207	x_refsource_MISC
https://github.com/eProsima/Fast-DDS/pull/3824	x_refsource_MISC
https://www.debian.org/security/2023/dsa-5568

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-42459
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42459

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 14:18:24				Added to TrackCVE