CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39945 – Malformed serialized data in a data submessage leads to unhandled exception
https://notcve.org/view.php?id=CVE-2023-39945
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.11.0, 2.10.2, 2.9.2, y 2.6.5, un submensaje de datos enviado al puerto PDP lanzaba una `BadParamException` no manejada en fastcdr, que a su vez bloqueaba fastdds. Las versiones 2.11.0, 2.10.2, 2.9.2 y 2.6.5 contienen un parche para este problema. • https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 https://www.debian.org/security/2023/dsa-5481 • CWE-248: Uncaught Exception •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39534 – Malformed GAP submessage triggers assertion failure
https://notcve.org/view.php?id=CVE-2023-39534
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.10.0, 2.9.2 y 2.6.5, un submensaje GAP malformado podía provocar un fallo de aserción, bloqueando FastDDS. Las versiones 2.10.0, 2.9.2 y 2.6.5 contienen un parche para este problema. • https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252 https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp https://www.debian.org/security/2023/dsa-5481 • CWE-617: Reachable Assertion •