CVE-2024-30259

CVSS V2 None CVSS V3 None

Description

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

Overview

CVE ID
CVE-2024-30259

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-05-13T14:45:28.134Z

Last Modified Date
2024-06-04T17:39:19.177Z

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html
CWE-122	http://cwe.mitre.org/data/definitions/122.html

References

Reference URL	Reference Tags
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662	x_refsource_CONFIRM
https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing	x_refsource_MISC
https://vimeo.com/907641887?share=copy	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-30259
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30259

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 12:00:51				Added to TrackCVE