eProsima Fast DDS up to 2.6.4/2.9.x uncaught exception

Summaryinfo

A vulnerability was found in eProsima Fast DDS up to 2.6.4/2.9.x. It has been classified as problematic. The impacted element is an unknown function. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2023-39948. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in eProsima Fast DDS up to 2.6.4/2.9.x. It has been rated as problematic. This issue affects an unknown code block. The manipulation with an unknown input leads to a uncaught exception vulnerability. Using CWE to declare the problem leads to CWE-248. An exception is thrown from a function, but it is not caught. Impacted is availability. The summary by CVE is:

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.

The weakness was shared 08/11/2023 as 3422. The advisory is shared at github.com. The identification of this vulnerability is CVE-2023-39948 since 08/07/2023. Neither technical details nor an exploit are publicly available.

Upgrading to version 2.6.5 or 2.10.0 eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• eProsima

Name

• Fast DDS

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4
• 2.5
• 2.6
• 2.6.0
• 2.6.1
• 2.6.2
• 2.6.3
• 2.6.4
• 2.7
• 2.8
• 2.9

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion