CVE-2021-38445
published 2022-05-05

Priority: P260 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.58% (83.3rd percentile)

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
objectcomputing | opendds | < 3.18.1 | 3.18.1
oci | opendds | >= unspecified < 3.18.1 | 3.18.1

Detection & IOCs (extracted from sources)

  • Detect RTPS RTPSSubMessage_DATA packets where the PID_BUILTIN_ENDPOINT_QOS parameter Length field is set to 4 null bytes (\x00\x00\x00\x00), which is the exploit trigger for CVE-2021-38445 against OpenDDS.
  • Monitor for anomalous RTPS traffic targeting DDS endpoints; the exploit can be crafted using the Scapy RTPS layer, so look for malformed RTPS submessages with mismatched length fields.
  • CVE-2021-38445 affects OCI OpenDDS versions prior to 3.18.1 only; patched versions are not vulnerable.
  • The vulnerability is exploitable remotely over the network against any DDS endpoint running a vulnerable OpenDDS version, including those embedded in ROS 2 stacks; exposed DDS endpoints without network segmentation are at highest risk.
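
The length checks described in the first two bullets can be sketched as a walker over the parameter list of a DATA submessage. This is an added example, not code from OpenDDS or from the sources quoted above. It assumes the RTPS wire layout of a 2-byte parameter ID followed by a 2-byte length, assumes the RTPS specification value 0x0077 for PID_BUILTIN_ENDPOINT_QOS, and uses constructed sample bytes.

```python
import struct

PID_SENTINEL = 0x0001              # terminates a parameter list (RTPS spec)
PID_PROTOCOL_VERSION = 0x0015      # used only to build the sample data
PID_BUILTIN_ENDPOINT_QOS = 0x0077  # assumed RTPS spec value; confirm in your dissector

ZERO_LEN = "PID_BUILTIN_ENDPOINT_QOS with zero length"
UNALIGNED = "parameter length not 4-byte aligned"
OVERRUN = "parameter length overruns payload"
NO_SENTINEL = "parameter list ended without PID_SENTINEL"

def scan_parameter_list(buf, little_endian=True):
    """Walk an RTPS parameter list and return (offset, finding) tuples."""
    fmt = "<HH" if little_endian else ">HH"
    findings, off = [], 0
    while off + 4 <= len(buf):
        pid, length = struct.unpack_from(fmt, buf, off)
        if pid == PID_SENTINEL:
            return findings
        if pid == PID_BUILTIN_ENDPOINT_QOS and length == 0:
            findings.append((off, ZERO_LEN))     # condition named in the first bullet
        if length % 4:
            findings.append((off, UNALIGNED))
        if off + 4 + length > len(buf):
            findings.append((off, OVERRUN))      # declared length exceeds the data present
            return findings
        off += 4 + length
    findings.append((off, NO_SENTINEL))
    return findings

def _param(pid, length, value=b""):
    return struct.pack("<HH", pid, length) + value

# Constructed samples (parameter-list fragments only, not captured traffic).
_VERSION = _param(PID_PROTOCOL_VERSION, 4, b"\x02\x03\x00\x00")
_END = _param(PID_SENTINEL, 0)
BENIGN = _VERSION + _param(PID_BUILTIN_ENDPOINT_QOS, 4, b"\x00" * 4) + _END
SUSPECT = _VERSION + _param(PID_BUILTIN_ENDPOINT_QOS, 0, b"\x00" * 4) + _END
TRUNCATED = _param(PID_PROTOCOL_VERSION, 64, b"\x00" * 4)

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("suspect", SUSPECT), ("truncated", TRUNCATED)):
        print(name, scan_parameter_list(data))
```

The caller is expected to have already located the serialized parameter list inside the DATA submessage and to pass the byte order indicated by its encapsulation header.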

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P