Fast DDS Fixes Invalid Data_Frag Packet Handling Issue
CVE-2023-50716

9.8 CRITICAL

Key Information:

Vendor: eProsima
Status: Vendor
CVE Published: 6 March 2024

What is CVE-2023-50716?

In eProsima Fast DDS, an invalid DATA_FRAG submessage can trigger a bad-free error, which a remote sender can use to terminate the Fast DDS process. The root cause is an attempt to release uninitialized memory in the Inline_qos and SerializedPayload members of an object when an invalid DATA_FRAG packet is received: parsing bails out before those members are assigned, yet they are still freed. Multiple Fast DDS versions are affected, so users should upgrade to a fixed release (2.13.0, 2.12.2, 2.11.3, 2.10.3 or 2.6.7). For remediation details, refer to the GitHub advisory. Note that the impact described here is process termination (denial of service); the CVSS vector below also scores confidentiality and integrity as High, which this description does not substantiate.
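To make the bug class concrete, the following is an added example written for this page; it is not eProsima's code and does not reproduce the real RTPS DATA_FRAG wire layout. The packet format, the names FragmentUnsafe, Fragment, parse_data_frag and the two sample packets are all constructed for illustration. It contrasts the hazardous pattern (raw owning pointers left uninitialized, freed unconditionally by a destructor) with a hardened parser that validates every length before touching the output object and keeps its members value-initialized, so an early exit on a malformed fragment leaves nothing dangling for the destructor to free.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <vector>

// Hypothetical, simplified DATA_FRAG-like layout used only for this example
// (not the real RTPS wire format):
//   byte 0     : flags, bit 1 (0x02) = inline QoS present
//   bytes 1-2  : inline QoS length, little-endian uint16
//   bytes 3-4  : serialized payload length, little-endian uint16
//   bytes 5..  : inline QoS bytes, then payload bytes
constexpr size_t kHeaderLen = 5;
constexpr uint8_t kFlagInlineQos = 0x02;

// The bug class: raw owning pointers that are never initialised, paired with a
// destructor that frees them unconditionally. If parsing bails out before the
// members are assigned, the destructor passes garbage to free(). This struct is
// shown for contrast and is deliberately never instantiated below, because
// doing so is undefined behaviour.
struct FragmentUnsafe {
    uint8_t* inline_qos;   // indeterminate until parsing assigns it
    uint8_t* payload;      // indeterminate until parsing assigns it
    ~FragmentUnsafe() { std::free(inline_qos); std::free(payload); }  // bad free on early exit
};

// Hardened form: members are value-initialised and own their memory via RAII,
// so destroying a Fragment that was never (or only partly) filled in is safe.
struct Fragment {
    std::vector<uint8_t> inline_qos;  // empty by default, nothing to free
    std::vector<uint8_t> payload;
};

enum class ParseResult { Ok, Truncated, BadLength };

static uint16_t read_u16_le(const uint8_t* p) {
    return static_cast<uint16_t>(p[0] | (static_cast<uint16_t>(p[1]) << 8));
}

// Validate every length against the bytes actually received before touching
// the output. On any failure `out` is left untouched, and because its members
// are value-initialised there is nothing dangling for the destructor to free.
ParseResult parse_data_frag(const uint8_t* buf, size_t len, Fragment& out) {
    if (len < kHeaderLen) return ParseResult::Truncated;
    const bool has_qos = (buf[0] & kFlagInlineQos) != 0;
    const uint16_t qos_len = read_u16_le(buf + 1);
    const uint16_t payload_len = read_u16_le(buf + 3);
    if (!has_qos && qos_len != 0) return ParseResult::BadLength;
    // Sum in size_t so two 16-bit lengths cannot wrap the bounds check.
    const size_t needed = kHeaderLen + static_cast<size_t>(qos_len) + payload_len;
    if (needed > len) return ParseResult::Truncated;
    const uint8_t* p = buf + kHeaderLen;
    out.inline_qos.assign(p, p + qos_len);
    out.payload.assign(p + qos_len, p + qos_len + payload_len);
    return ParseResult::Ok;
}

// Constructed sample packets (not captured traffic).
// Valid: inline QoS present, 2 QoS bytes, 3 payload bytes.
static const uint8_t kValidPacket[] = {0x02, 0x02, 0x00, 0x03, 0x00, 0xAA, 0xBB, 0x01, 0x02, 0x03};
// Invalid: claims 16 QoS bytes and 3 payload bytes but carries only one trailing byte.
static const uint8_t kTruncatedPacket[] = {0x02, 0x10, 0x00, 0x03, 0x00, 0xAA};

// Returns the parsed payload length for the valid sample, or -1 if parsing failed.
int parse_valid_sample() {
    Fragment f;
    if (parse_data_frag(kValidPacket, sizeof kValidPacket, f) != ParseResult::Ok) return -1;
    return static_cast<int>(f.payload.size());
}

// Returns true if the truncated sample is rejected and the fragment still owns
// nothing, i.e. its destructor has nothing to release.
bool rejects_truncated_sample() {
    Fragment f;
    const ParseResult r = parse_data_frag(kTruncatedPacket, sizeof kTruncatedPacket, f);
    return r == ParseResult::Truncated && f.inline_qos.empty() && f.payload.empty();
}

int main() {
    std::printf("valid sample payload bytes: %d\n", parse_valid_sample());
    std::printf("truncated sample rejected: %s\n", rejects_truncated_sample() ? "yes" : "no");
    return 0;
}
```

The check worth carrying over to any fragment reassembly code is the ordering: every declared length is compared against the bytes actually received before any member is assigned, and the output type is safe to destroy in every state the parser can leave it in.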


Affected Version(s)

Fast-DDS >= 2.12.0, < 2.12.2 (fixed in 2.12.2)

Fast-DDS >= 2.11.0, < 2.11.3 (fixed in 2.11.3)

Fast-DDS >= 2.10.0, < 2.10.3 (fixed in 2.10.3)

References

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 6 March 2024

  • Vulnerability reserved