FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed RTPS packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
{
"cwe_ids": [
"CWE-120",
"CWE-122"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30259.json",
"cna_assigner": "GitHub_M"
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.6.8"
},
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.4"
},
{
"introduced": "2.13.0"
},
{
"fixed": "2.13.5"
},
{
"introduced": "2.14.0"
},
{
"last_affected": "2.14.0"
}
],
"cpe": [
"cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eprosima:fast_dds:2.14.0:*:*:*:*:*:*:*"
]
}