← Volver a CVEs
CVE-2023-42459
HIGH8.6
Descripcion
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Detalles CVE
Puntuacion CVSS v3.18.6
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/16/2023
Ultima modificacion4/11/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
eprosima:fast_dds
Debilidades (CWE)
CWE-415CWE-416CWE-590CWE-415
Referencias
https://github.com/eProsima/Fast-DDS/issues/3207(security-advisories@github.com)
https://github.com/eProsima/Fast-DDS/pull/3824(security-advisories@github.com)
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm(security-advisories@github.com)
https://www.debian.org/security/2023/dsa-5568(security-advisories@github.com)
https://github.com/eProsima/Fast-DDS/issues/3207(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/eProsima/Fast-DDS/pull/3824(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5568(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.