Segmentation Fault in OpenDDS due to Large Max Samples Value
CVE-2023-52427

7.5HIGH

Key Information:

Vendor: OpenDDS
Status: Opendds
Vendor: CVE Published:; 11 February 2024

What is CVE-2023-52427?

A segmentation fault occurs in OpenDDS when a DataWriter is configured with an excessively large value for resource_limits.max_samples. This limitation exposes systems to potential instability and performance degradation, as the software is not designed to handle max_samples values that exceed the available memory capacity. Users of OpenDDS versions up to and including 3.27 should be cautious and review their configurations to ensure that they do not exceed manageable memory thresholds.

References

https://github.com/OpenDDS/OpenDDS/issues/4388

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2024
Vulnerability Reserved
Feb 11, 2024