
Debian Fastdds vulnerabilities

29 known vulnerabilities affecting debian/fastdds.

Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 17, MEDIUM 2, LOW 6

Vulnerabilities

Page 2 of 2
CVE-2023-39948 | HIGH | CVSS 7.5 | fixed in fastdds 2.9.1+ds-1+deb12u1 (bookworm) | 2023
fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. Scope: local bookworm: resolved (fixed in
debian
CVE-2023-39945 | HIGH | CVSS 8.2 | fixed in fastdds 2.9.1+ds-1+deb12u1 (bookworm) | 2023
fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. Scope: loca
debian
CVE-2023-39946 | HIGH | CVSS 8.2 | fixed in fastdds 2.9.1+ds-1+deb12u1 (bookworm) | 2023
fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::pu
debian
CVE-2023-39947 | HIGH | CVSS 8.2 | fixed in fastdds 2.9.1+ds-1+deb12u1 (bookworm) | 2023
fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2
debian
CVE-2023-24010 | HIGH | CVSS 8.2 | 2023
fastdds - An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by som
debian
CVE-2023-39949 | HIGH | CVSS 7.5 | fixed in fastdds 2.9.1+ds-1+deb12u1 (bookworm) | 2023
fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. Scope: local bookworm: r
debian
CVE-2023-39534 | HIGH | CVSS 7.5 | fixed in fastdds 2.9.1+ds-1+deb12u1 (bookworm) | 2023
fastdds - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Versions 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. Scope: local bookworm: resolved (fixed in 2.9.1+ds-1+deb12u1) bulls
debian
CVE-2023-42459 | HIGH | CVSS 8.6 | fixed in fastdds 2.9.1+ds-1+deb12u2 (bookworm) | 2023
fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control which cou
debian
CVE-2021-38425 | HIGH | CVSS 7.5 | fixed in fastdds 2.6.1+ds-1 (bookworm) | 2021
fastdds - eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. Scope: local bookworm: resolved (fixed in 2.6.1+ds-1) bullseye: resolved (fixed in 2.1.0+ds-9+deb11u1) forky: re
debian