CVE-2024-30917Improper Handling of Values in Fast DDS

CWE-229Improper Handling of ValuesCWE-922Insecure Storage of Sensitive Information5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 79.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Eprosima Fast DDS
Timeline
PublishedApr 11

Description

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDeprosima/fast_dds2.14.0

🔴Vulnerability Details

3
CVEList
CVE-2024-30917: An issue was discovered in eProsima FastDDS v2024-04-11
OSV
CVE-2024-30917: An issue was discovered in eProsima FastDDS v2024-04-11
GHSA
GHSA-8p3v-87jv-mp95: An issue was discovered in eProsima FastDDS v2024-04-11

📋Vendor Advisories

1
Debian
CVE-2024-30917: fastdds - An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local ...2024
CVE-2024-30917 — Improper Handling of Values | cvebase