UBUNTU-CVE-2023-39949
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...
CVE-2023-39949
CVE-2023-39949 affects eProsima Fast DDS, a C++ implementation of DDS. The issue is improper validation of sequence numbers in Fast DDS, which can lead to a remotely reachable assertion failure and remote crash of a Fast DDS process. The vulnerability exists in versions prior to 2.9.1 and 2.6.5; ...
CVE-2023-39949 Improper validation of sequence numbers leading to remotely reachable assertion failure
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...
CVE-2023-39534
CVE-2023-39534 affects eProsima Fast DDS (DDS implementation). A malformed GAP submessage can trigger an assertion failure, causing a crash. This impacts Fast DDS versions prior to 2.10.0, 2.9.2, and 2.6.5. Debian/Ubuntu OS advisories and OSSN listings note patches in these versions, so upgrading...
CVE-2023-39534 Malformed GAP submessage triggers assertion failure
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this iss...
eProsima Fast DDS Security Vulnerability
eProsima Fast DDS is eProsima's C++ implementation of the OMG (Object Management Group) DDS (Data Distribution Service) standard. A security vulnerability exists in eProsima Fast DDS version 2.9.1, which stems from the fact that an incorrectly formatted GAP sub-message may trigger an assertion failur...
PT-2023-4901 · Eprosima +2 · Eprosima Fast Dds +2
Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.10.0; eprosima Fast DDS versions prior to 2.9.2; eprosima Fast DDS versions prior to 2.6.5. Description: The issue is related to the use of the assert function or a similar operator in the eprosima Fast DDS...
CVE-2023-38710
An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALID_SPI is sent back. The notify payload's protocol ID is copied from...
PT-2023-5525 · Nozomi · Nozomi Central Management Console +1
Name of the Vulnerable Software and Affected Versions: Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified). Description: The issue is related to the SAML (Security Assertion Markup Language) technology, where an authenticated administrator can upload a SAML...
Nozomi Networks Guardian Security Breach
Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks, USA. A security vulnerability exists in Nozomi Networks Guardian that stems from not enforcing a restriction on the application of actual assertions in the debugging function...
Medium: avahi
Issue Overview: A reachable assertion was found in avahi_dns_packet_append_record. (CVE-2023-38469) A reachable assertion was found in avahi_escape_label. (CVE-2023-38470) A reachable assertion was found in dbus_set_host_name. (CVE-2023-38471) Affected Packages: avahi. Issue Correction: Run dnf update avahi...
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. ...
Medium: avahi
Issue Overview: A reachable assertion was found in avahi_dns_packet_append_record. (CVE-2023-38469) A reachable assertion was found in avahi_escape_label. (CVE-2023-38470) A reachable assertion was found in dbus_set_host_name. (CVE-2023-38471) Affected Packages: avahi. Issue Correction: Run yum update avahi or y...
RHEL 9 : dbus (RHSA-2023:4569)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4569 advisory. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session...
Medium: avahi
Issue Overview: A reachable assertion was found in avahi_dns_packet_append_record. (CVE-2023-38469) A reachable assertion was found in avahi_escape_label. (CVE-2023-38470) A reachable assertion was found in dbus_set_host_name. (CVE-2023-38471) Affected Packages: avahi. Note: This advisory is applicable to Amazon...
CVE-2023-29935
A flaw was found in the llvm package. An assertion failure in !replacements.count(op) && "operation was already replaced" may lead to a crash...
GHSA-4MH8-9WQ6-RJXG OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Impact: OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the...