CVE-2023-39534

2023-08-1114:15:13

CWE-617

[email protected]

web.nvd.nist.gov

eprosima

fast dds

c++

data distribution service

vulnerability

assertion failure

nvd

cve-2023-39534

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.

Affected configurations

Vulners

NVD

Node

eprosimafast_ddsRange<2.6.5

eprosimafast_ddsRange2.7.0–2.9.2

VendorProductVersionCPE
eprosimafast_dds*cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*
eprosimafast_dds*cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eprosima	fast_dds	*	cpe:2.3:a:eprosima:fast_dds::::::::
eprosima	fast_dds	*	cpe:2.3:a:eprosima:fast_dds::::::::

CNA Affected

[
  {
    "vendor": "eProsima",
    "product": "Fast-DDS",
    "versions": [
      {
        "version": "< 2.6.5",
        "status": "affected"
      },
      {
        "version": ">= 2.7.0, < 2.9.2",
        "status": "affected"
      }
    ]
  }
]