Lucene search

GitHub_MCVELIST:CVE-2023-23932

HistoryFeb 03, 2023 - 8:08 p.m.

CVE-2023-23932 Specially crafted RTPS message may cause an OpenDDS application to crash

2023-02-0320:08:31

CWE-248

GitHub_M

www.cve.org

cve-2023-23932

opendds

rtps

crash fix

vulnerability

patch

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

32.7%

JSON

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.

CNA Affected

[
  {
    "vendor": "OpenDDS",
    "product": "OpenDDS",
    "versions": [
      {
        "version": "< 3.23.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.23.1

github.com/OpenDDS/OpenDDS/security/advisories/GHSA-8wvq-25f5-f8h4

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for CVELIST:CVE-2023-23932