eprosima Fast DDS is a C++ implementation of the Data Distribution Service (DDS) standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, a manipulated DATA Submessage can cause a heap overflow in the Fast-DDS process, allowing the process to be terminated remotely. Additionally, the payload size field in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is supplied for this field, it results in an integer overflow (for example, -1 is converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.
{
"cwe_ids": [
"CWE-122"
]
}{
"versions": [
{
"introduced": "0"
},
{
"fixed": "2.6.8"
}
]
}{
"versions": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.10.4"
}
]
}[
{
"signature_type": "Line",
"target": {
"file": "src/cpp/rtps/participant/RTPSParticipantImpl.cpp"
},
"id": "CVE-2024-28231-725a5a7b",
"source": "https://github.com/eprosima/fast-dds/commit/3118cba80c7b0db2c9bd0ede8671e3d31785cbda",
"digest": {
"threshold": 0.9,
"line_hashes": [
"262956306831166481237303932868870361372",
"306604317174497932475465898607727697833",
"196513365605387483283372719964676140728",
"294552922959227129118208678759959282933",
"233002817893507405036982977419080917531",
"137118083659526854717517586406070424281"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "RTPSParticipantImpl::update_attributes",
"file": "src/cpp/rtps/participant/RTPSParticipantImpl.cpp"
},
"id": "CVE-2024-28231-ecb73c2a",
"source": "https://github.com/eprosima/fast-dds/commit/3118cba80c7b0db2c9bd0ede8671e3d31785cbda",
"digest": {
"function_hash": "324427933685653720667523570866654147901",
"length": 6264.0
},
"deprecated": false,
"signature_version": "v1"
}
]