CVSS: 8.6, EPSS: 0%, CPEs: 3, EXPL: 1

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages can be sent to a discovery locator, which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control, which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7.

• https://github.com/eProsima/Fast-DDS/issues/3207
• https://github.com/eProsima/Fast-DDS/pull/3824
• https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
• https://www.debian.org/security/2023/dsa-5568

• CWE-415: Double Free
• CWE-416: Use After Free
• CWE-590: Free of Memory not on the Heap

CVSS: 9.1, EPSS: 0%, CPEs: 1, EXPL: 0

eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure.

• https://github.com/eProsima/Fast-DDS
• https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02

• CWE-406: Insufficient Control of Network Message Volume (Network Amplification)