eProsima Fast-DDS up to 2.6.7/2.10.3/2.12.1/2.13.3 DATA Submessage heap-based overflow

Summaryinfo

A vulnerability marked as critical has been reported in eProsima Fast-DDS up to 2.6.7/2.10.3/2.12.1/2.13.3. The affected element is an unknown function of the component DATA Submessage Handler. This manipulation causes heap-based overflow. This vulnerability is tracked as CVE-2024-28231. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical was found in eProsima Fast-DDS up to 2.6.7/2.10.3/2.12.1/2.13.3. Affected by this vulnerability is an unknown code of the component DATA Submessage Handler. The manipulation with an unknown input leads to a heap-based overflow vulnerability. The CWE definition for the vulnerability is CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.

It is possible to read the advisory at github.com. This vulnerability is known as CVE-2024-28231 since 03/07/2024. The exploitation appears to be easy. The attack needs to be initiated within the local network. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability. Applying the patch 355706386f4af9ce74125eeec3c449b06113112b is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• eProsima

Name

• Fast-DDS

Version

• 2.6.0
• 2.6.1
• 2.6.2
• 2.6.3
• 2.6.4
• 2.6.5
• 2.6.6
• 2.6.7
• 2.10.0
• 2.10.1
• 2.10.2
• 2.10.3
• 2.12.0
• 2.12.1
• 2.13.0
• 2.13.1
• 2.13.2
• 2.13.3

License

• open-source

Website

• Product: https://github.com/eProsima/Fast-DDS/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion