CVE-2023-39534
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-39534
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39534.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-39534
- Aliases
-
- GHSA-fcr6-x23w-94wp
- Downstream
- Published
- 2023-08-11T13:12:00Z
- Modified
- 2025-10-20T19:34:02Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Malformed GAP submessage triggers assertion failure
- Details
-
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
- Database specific
{ "cwe_ids": [ "CWE-617" ] }- References
-
- https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
- https://www.debian.org/security/2023/dsa-5481
- https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap
- https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252
- https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863