History: Mar 06, 2024 - 12:00 a.m.

CVE-2023-50716

2024-03-06 00:00:00
ubuntu.com
eprosima fast dds
bad-free error
patched
versions
data frag
c++ implementation
object management group
memory release.

CVSS3: 9.6 High

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.3 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data
Distribution Service standard of the Object Management Group. Prior to
versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG
Submessage causes a bad-free error, and the Fast-DDS process can be
remotely terminated. If an invalid DATA_FRAG packet is sent, the
Inline_qos and SerializedPayload members of object ch attempt to
release memory that was never initialized, resulting in a ‘bad-free’ error.
Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.
