Heap Overflow Error in Fast-DDS Prior to Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8
CVE-2024-28231
Key Information:
Badges
What is CVE-2024-28231?
The eprosima Fast DDS, which is a C++ implementation of the Data Distribution Service standard, has a vulnerability that can lead to a heap overflow error. This issue occurs when the DATA Submessage is manipulated in a manner that causes the Fast-DDS process to terminate unexpectedly. The vulnerability arises from the payload_size in the DATA Submessage being declared as uint32_t. When a negative value, such as -1, is provided, it triggers an Integer Overflow, transforming -1 into 0xFFFFFFFF. This ultimately leads to a heap-buffer-overflow, disrupting the functionality of the program and allowing for the potential of remote termination. The issue has been addressed in versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Fast-DDS < 2.6.8 < 2.6.8
Fast-DDS >= 2.7.0, < 2.10.4 < 2.7.0, 2.10.4
Fast-DDS >= 2.11.0, < 2.12.2 < 2.11.0, 2.12.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved