CVE-2024-30259

Source
https://cve.org/CVERecord?id=CVE-2024-30259
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-30259.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-30259
Aliases
  • GHSA-qcj9-939p-p662
Downstream
Published
2024-05-13T14:45:28.134Z
Modified
2026-07-07T08:52:55.067643203Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
FastDDS heap buffer overflow when publisher sends malformed packet
Details

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed RTPS packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.

Database specific
{
    "cwe_ids": [
        "CWE-120",
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30259.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/eprosima/fast-dds

Affected ranges

Type
GIT
Repo
https://github.com/eprosima/fast-dds
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.8"
        },
        {
            "introduced": "2.10.0"
        },
        {
            "fixed": "2.10.4"
        },
        {
            "introduced": "2.13.0"
        },
        {
            "fixed": "2.13.5"
        },
        {
            "introduced": "2.14.0"
        },
        {
            "last_affected": "2.14.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:eprosima:fast_dds:2.14.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

2.*
2.0.0-beta
2.0.0-rc
2.14.0
= 2.*
= 2.14.0
Other
Discovery-Time_Data_Typing
v1.*
v1.0.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.0-2
v1.9.0
v1.9.0-beta
v1.9.0-beta-2
v2.*
v2.1.0
v2.10.0-rc1
v2.10.1-rc1
v2.10.4
v2.2.0
v2.3.0-1
v2.3.0-api

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-30259.json"