CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39948 – Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds
https://notcve.org/view.php?id=CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.10.0 y 2.6.5, la `BadParamException` lanzada por Fast CDR no es capturada en Fast DDS. • https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip https://github.com/eProsima/Fast-DDS/issues/3422 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f https://www.debian.org/security/2023/dsa-5481 • CWE-248: Uncaught Exception •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39947 – Another heap overflow in push_back_helper
https://notcve.org/view.php?id=CVE-2023-39947
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.11.1, 2.10.2, 2.9.2, y 2.6.6, incluso después de la corrección en el commit 3492270, los parámetros malformados `PID_PROPERTY_LIST` causan desbordamiento de heap en un contador de programa diferente. • https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv https://www.debian.org/security/2023/dsa-5481 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39946 – Heap overflow in push_back_helper due to a CDR message
https://notcve.org/view.php?id=CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. • https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx https://www.debian.org/security/2023/dsa-5481 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39945 – Malformed serialized data in a data submessage leads to unhandled exception
https://notcve.org/view.php?id=CVE-2023-39945
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.11.0, 2.10.2, 2.9.2, y 2.6.5, un submensaje de datos enviado al puerto PDP lanzaba una `BadParamException` no manejada en fastcdr, que a su vez bloqueaba fastdds. Las versiones 2.11.0, 2.10.2, 2.9.2 y 2.6.5 contienen un parche para este problema. • https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 https://www.debian.org/security/2023/dsa-5481 • CWE-248: Uncaught Exception •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39534 – Malformed GAP submessage triggers assertion failure
https://notcve.org/view.php?id=CVE-2023-39534
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.10.0, 2.9.2 y 2.6.5, un submensaje GAP malformado podía provocar un fallo de aserción, bloqueando FastDDS. Las versiones 2.10.0, 2.9.2 y 2.6.5 contienen un parche para este problema. • https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252 https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp https://www.debian.org/security/2023/dsa-5481 • CWE-617: Reachable Assertion •