CVE-2024-10838

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-10838
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10838.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-10838
Aliases
  • GHSA-6jj6-w25p-jc42
Related
Published
2025-03-12T13:15:36Z
Modified
2025-05-24T03:44:03.497138Z
Summary
[none]
Details

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

References

Affected packages

Git / github.com/eclipse-cyclonedds/cyclonedds

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-cyclonedds/cyclonedds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2cdd114cbd18340c606573b4cc8dc20cc161ec5a

Affected versions

0.*

0.10.1
0.10.2
0.10.2rc1
0.10.3
0.10.4
0.5.1
0.6.0
0.6.0rc1
0.7.0
0.7.0rc1
0.8.0beta2
0.8.0beta3
0.8.0beta4
0.8.0beta5
0.8.0beta6
0.8.0rc1
0.8.0rc2
0.9.0a1
0.9.0b1

V0.*

V0.1.0
V0.5.0
V0.5.0rc1