CVE-2023-39948

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39948
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39948.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-39948
Aliases
  • GHSA-x9pj-vrgf-f68f
Related
Published
2023-08-11T14:15:13Z
Modified
2024-10-12T11:02:56.189163Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.

References

Affected packages

Debian:11 / fastdds

Package

Name
fastdds
Purl
pkg:deb/debian/fastdds?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0+ds-9+deb11u1

Affected versions

2.*

2.1.0+ds-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / fastdds

Package

Name
fastdds
Purl
pkg:deb/debian/fastdds?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.1+ds-1+deb12u1

Affected versions

2.*

2.9.1+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / fastdds

Package

Name
fastdds
Purl
pkg:deb/debian/fastdds?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.1+ds-2

Affected versions

2.*

2.9.1+ds-1
2.10.1+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/eprosima/fast-dds

Affected ranges

Type
GIT
Repo
https://github.com/eprosima/fast-dds
Events