CVE-2021-38427
Published 2022-05-05
Priority: P339, high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.6th percentile)
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rti | connext_dds_professional | 4.2x – 6.1.0 | — |
| rti | connext_dds_secure | 4.2x – 6.1.0 | — |
| rti | connext_professional | 4.2.0 – 6.1.0 | — |
| rti | connext_secure | 4.2.0 – 6.1.0 | — |
CVSS provenance
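| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |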
CISA ICS
Multiple Data Distribution Service (DDS) Implementations (Update A)
cisa_ics·2021-11-11
Last Revised: February 01, 2022
Alert Code: ICSA-21-315-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), TwinOaks Computing
- Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro, CoreDX DDS
- Vulnerabilities: Write-what-where Condition, Improper Handling of Syntactically Invalid Structure, Network Amp
GHSA
GHSA-xpjm-7phh-w9j8: RTI Connext DDS Professional and Connext DDS Secure Versions 4
ghsa_unreviewed·2022-05-06
CVE-2021-38427 [HIGH] CWE-121 GHSA-xpjm-7phh-w9j8: RTI Connext DDS Professional and Connext DDS Secure Versions 4
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
No detection rules found.
No public exploits indexed.
Trendmicro
Data Distribution Service: Not Always Secure
blogs_trendmicro·2022-05-11
Exploitation of vulnerabilities
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. We examined this important middleware for flaws and, unfortunately, found some.
By: Trend Micro, May 11, 2022
Original post by Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), Victor Mayoral Vilches (Alias Robotics)
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. Die Middleware-Technologie ist für den Betrieb von Milli
Trendmicro
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
blogs_trendmicro·2022-04-19
Exploits & Vulnerabilities
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented at the S4X22 Conference in April 2022.
By: Trend Micro, Apr 19, 2022
By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware