Security Flaw in DDS Data Bus Affecting ROS 2 Nodes
CVE-2023-24012

8.2HIGH

Key Information:

Vendor: Opendds
Status: Dds
Vendor: CVE Published:; 9 January 2025

What is CVE-2023-24012?

A serious security issue allows attackers to create malicious DDS Participants or ROS 2 Nodes utilizing valid certificates, enabling them to take full control of vulnerable DDS databus systems. This vulnerability arises from the improper implementation of S/MIME signature verification via the OpenSSL PKCS7_verify function, which fails to adequately verify permissions within the PKCS#7 certificate’s validation process. Affected systems may be exploited due to their reliance on improper configurations, granting potential unauthorized access and control.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DDS all versions

References

https://github.com/ros2/sros2/issues/282

https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2025
Vulnerability Reserved
Jan 20, 2023

Credit

amrc-benmorrow

Gianluca Caizza

Ruffin White

Victor Mayoral Vilches

Mikael Arguedas

JSON

Opendds

What is CVE-2023-24012?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.