Lucene search

GoogleOSV:CVE-2024-30258

HistoryMay 14, 2024 - 3:22 p.m.

CVE-2024-30258

2024-05-1415:22:15

Google

osv.dev

fastdds

remote crash

vulnerability

rtps packet

dos attack

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

CPENameOperatorVersion
fast-ddseq1.5.0
fast-ddseq1.3.1
fast-ddseq1.9.0
fast-ddseq1.7.1
fast-ddseq1.8.0
fast-ddseq1.0.0
fast-ddseq2.3.0-api
fast-ddseq2.0.0-beta
fast-ddseq1.9.0-beta
fast-ddseq2.0.0-rc

Name	Operator	Version
fast-dds	eq	1.5.0
fast-dds	eq	1.3.1
fast-dds	eq	1.9.0
fast-dds	eq	1.7.1
fast-dds	eq	1.8.0
fast-dds	eq	1.0.0
fast-dds	eq	2.3.0-api
fast-dds	eq	2.0.0-beta
fast-dds	eq	1.9.0-beta
fast-dds	eq	2.0.0-rc

Rows per page:

1-10 of 291

References

drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing

github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b

github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for OSV:CVE-2024-30258