CVE-2021-38443
Published 2022-05-05
CVE-2021-38443: Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
Priority: P3 · 59 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.19% (80.2th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cyclonedds | < cyclonedds 0.8.1-2 (bookworm) | cyclonedds 0.8.1-2 (bookworm) |
| eclipse | cyclonedds | < 0.8.0 | 0.8.0 |
| eclipse | cyclonedds | >= 0 < 0.8.1-2 | 0.8.1-2 |
| eclipse | cyclonedds | >= 0 < 0.8.1-2 | 0.8.1-2 |
| eclipse | cyclonedds | >= 0 < 0.8.1-2 | 0.8.1-2 |
| eclipse | cyclonedds | >= unspecified < 0.8.0 | 0.8.0 |
CVSS provenance
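| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 6.6 | MEDIUM | |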
CISA ICS
Multiple Data Distribution Service (DDS) Implementations (Update A)
cisa_ics·2021-11-11
ICS Advisory
Last Revised: February 01, 2022
Alert Code: ICSA-21-315-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), TwinOaks Computing
- Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro, CoreDX DDS
- Vulnerabilities: Write-what-where Condition, Improper Handling of Syntactically Invalid Structure, Network Amp
Debian
CVE-2021-38443: cyclonedds - Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures,...
vendor_debian·2021·CVSS 6.6
CVE-2021-38443 [MEDIUM] CVE-2021-38443: cyclonedds - Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures,...
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
Scope: local
bookworm: resolved (fixed in 0.8.1-2)
bullseye: open
forky: resolved (fixed in 0.8.1-2)
sid: resolved (fixed in 0.8.1-2)
trixie: resolved (fixed in 0.8.1-2)
GHSA
GHSA-fq6w-j34v-phjr: Eclipse CycloneDDS versions prior to 0
ghsa_unreviewed·2022-05-06
CVE-2021-38443 [CRITICAL] CWE-228 GHSA-fq6w-j34v-phjr: Eclipse CycloneDDS versions prior to 0
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
OSV
CVE-2021-38443: Eclipse CycloneDDS versions prior to 0
osv·2022-05-05·CVSS 9.8
CVE-2021-38443 [CRITICAL] CVE-2021-38443: Eclipse CycloneDDS versions prior to 0
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
No detection rules found.
No public exploits indexed.
Trendmicro
Data Distribution Service: Not Always Secure
blogs_trendmicro·2022-05-11
Exploitation of Vulnerabilities
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. We examined this important middleware for vulnerabilities and, unfortunately, found some.
By: Trend Micro, May 11, 2022
Original post by Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), Victor Mayoral Vilches (Alias Robotics)
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. The middleware technology is for the operation of milli
Trendmicro
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
blogs_trendmicro·2022-04-19
Exploits & Vulnerabilities
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
By: Trend Micro, Apr 19, 2022
By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware