eProsima Fast DDS Buffer Error Vulnerability
eProsima Fast DDS is a C++ implementation of the OMG (Object Management Group) DDS (Data Distribution Service) standard from eProsima Corporation. Versions prior to 3.4.1, 3.3.1, and 2.6.11 of eProsima Fast DDS contained a buffer error vulnerability. This vulnerability stemmed from the lack of minima...
Linux Distros Unpatched Vulnerability : CVE-2025-48379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...
MAL-2026-508 Malicious code in cartos-dds-ui (npm)
Source: amazon-inspector f1f496b09128d69f16784f2b9c7ac2d7f29982e802db47de225654f902cd2db4 The package cartos-dds-ui was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cartos-dds-ui (npm)
Source: amazon-inspector f1f496b09128d69f16784f2b9c7ac2d7f29982e802db47de225654f902cd2db4 The package cartos-dds-ui was found to contain malicious code. Source: ossf-package-analysis...
CVE-2023-50257
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (p[UD]) and guid values used to disconnect between nodes are not encrypted, a vulnerability has be...
CVE-2023-50716
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATAFRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...
CVE-2025-67108
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections...
CVE-2025-65865
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-67109
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the MessageReceiver::procSubmsgDataFrag function. An attacker can cause the application to crash or become unresponsive by submitting specially crafted data that triggers an integer overflow. Remediati...
UBUNTU-CVE-2025-67108
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections...
UBUNTU-CVE-2025-65865
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input...
Improper Validation of Certificate Expiration
Overview: Affected versions of this package are vulnerable to Improper Validation of Certificate Expiration via using X509_verify_cert in the verify_certificate function in the PKIDH.cpp file, and the validity of permission grants is checked in the is_validation_in_time function in the Permissions.cpp. ...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via the dds_time function due to insufficient validation in the time certificate verification. An attacker can gain elevated privileges and execute arbitrary commands by bypassing certificate checks...