CVE-2023-39949 — Reachable Assertion in Fast-dds

CWE-617 — Reachable Assertion6 documents5 sources

Severity

7.5HIGHNVD

OSV9.1

EPSS

0.1%

top 70.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eprosima Fast-dds Eprosima Fast DDS Debian Linux

Timeline

PublishedAug 11

Latest updateAug 24

Description

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5eprosima/fast-dds< 2.6.5+1

▶NVDeprosima/fast_dds2.6.0 — 2.6.5+1

Also affects: Debian Linux 11.0, 12.0

🔴Vulnerability Details

OSV

fastdds vulnerabilities↗2023-08-24

▶

CVEList

Improper validation of sequence numbers leading to remotely reachable assertion failure↗2023-08-11

▶

OSV

CVE-2023-39949: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group↗2023-08-11

▶

📋Vendor Advisories

Ubuntu

Fast DDS vulnerabilities↗2023-08-24

▶

Debian

CVE-2023-39949: fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service stand...↗2023

▶