CVE-2023-39949

EPSS 0.09%
Published 11.08.2023 14:15:13
Last modified 21.11.2024 08:16:05
Source security-advisories@github.com
Teams watchlist Login
Open Login

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Eprosima ≫ Fast Dds Version >= 2.6.0 < 2.6.5

Eprosima ≫ Fast Dds Version2.9.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://www.debian.org/security/2023/dsa-5481

Third Party Advisory

https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059

Third Party Advisory

https://github.com/eProsima/Fast-DDS/issues/3236

Third Party Advisory

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39949

EUVD