Debian Fastdds vulnerabilities

CVE-2025-67108 [CRITICAL] CVE-2025-67108: fastdds - eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket ... eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. Scope: local bookworm: undetermined bullseye: undetermined forky: undetermined sid: undetermined trixie: undetermined

CVE-2025-65865 [HIGH] CVE-2025-65865: fastdds - An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial... An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input. Scope: local bookworm: undetermined bullseye: undetermined forky: undetermined sid: undetermined trixie: undetermined

CVE-2025-62799 [HIGH] CVE-2025-62799: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` are craft ed to

CVE-2025-62600 [HIGH] CVE-2025-62600: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fie

CVE-2025-62599 [HIGH] CVE-2025-62599: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fie

CVE-2025-24807 [MEDIUM] CVE-2025-24807: fastdds - eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service)... eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which causes an expi

CVE-2025-64438 [LOW] CVE-2025-64438: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (`gapList .base

CVE-2025-62603 [LOW] CVE-2025-62603: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and token deliver

CVE-2025-62602 [LOW] CVE-2025-62602: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_

CVE-2025-63829 [HIGH] CVE-2025-63829: fastdds - eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by i... eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2025-64098 [LOW] CVE-2025-64098: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fiel

CVE-2025-62601 [LOW] CVE-2025-62601: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard... Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_

CVE-2024-28231 [CRITICAL] CVE-2024-28231: fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service stand... eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage p

CVE-2024-30259 [HIGH] CVE-2024-30259: fastdds - FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard ... FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2

CVE-2024-26369 [HIGH] CVE-2024-26369: fastdds - An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x,... An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2.14.0+ds-2) sid: resolved (fixed in 2.14.0+ds-2) trixie: resolved (fixed in 2.14.0+ds-2)

CVE-2024-30258 [HIGH] CVE-2024-30258: fastdds - FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard ... FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1

CVE-2024-30916 [HIGH] CVE-2024-30916: fastdds - An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local ... An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2.14.1+ds-1) sid: resolved (fixed in 2.14.1+ds-1) trixie: resolved (fi

CVE-2024-30917 [MEDIUM] CVE-2024-30917: fastdds - An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local ... An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2.14.1+ds-1) sid: resolved (fixed in 2.14.1+ds-1) trixie: resolved

CVE-2023-50257 [CRITICAL] CVE-2023-50257: fastdds - eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distr... eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly dis

CVE-2023-50716 [CRITICAL] CVE-2023-50716: fastdds - eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distr... eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos,