Ubuntu.com (ubuntucve), UB:CVE-2023-42459
Oct 16, 2023 - 12:00 a.m.

CVE-2023-42459

Tags: fast dds, dds, omg, data distribution service, discovery locator, double free, bug, upgrade, unix

CVSS3: 8.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS: 0.001
Percentile: 28.7%

Fast DDS is a C++ implementation of the DDS (Data Distribution Service)
standard of the OMG (Object Management Group). In affected versions,
specific DATA submessages can be sent to a discovery locator, which may
trigger a free error. This can remotely crash any Fast-DDS process. The
call to free() could potentially leave the pointer in the attacker's control,
which could lead to a double free. This issue has been addressed in
versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade.
There are no known workarounds for this vulnerability.

Bugs

OS      OS Version  Architecture  Package  Package Version  Filename
ubuntu  22.04       noarch        fastdds  < any            UNKNOWN
ubuntu  24.04       noarch        fastdds  < any            UNKNOWN
