CVE-2024-30916Improper Input Validation in Fast DDS

CWE-20Improper Input Validation5 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 86.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Eprosima Fast DDS
Timeline
PublishedApr 11

Description

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

NVDeprosima/fast_dds2.14.0

🔴Vulnerability Details

3
CVEList
CVE-2024-30916: An issue was discovered in eProsima FastDDS v2024-04-11
OSV
CVE-2024-30916: An issue was discovered in eProsima FastDDS v2024-04-11
GHSA
GHSA-62rm-mh7j-gv7j: An issue was discovered in eProsima FastDDS v2024-04-11

📋Vendor Advisories

1
Debian
CVE-2024-30916: fastdds - An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local ...2024
CVE-2024-30916 — Improper Input Validation in Fast DDS | cvebase