Eprosima Fast-Dds vulnerabilities

21 known vulnerabilities affecting eprosima/fast-dds.

Total CVEs: 21
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 14, MEDIUM 1, LOW 5

Vulnerabilities

Page 1 of 2
CVE-2025-62799 | HIGH | CVSS 7.2 | ≥ 3.4.0, < 3.4.1 | ≥ 3.0.0, < 3.3.1 | +1 more | 2026-02-03
CWE-122: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An unauthenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` a
Sources: cvelistv5, nvd
CVE-2025-62599 | HIGH | CVSS 7.5 | fixed in 2.6.11 | v>= 2.7.0, < 2.14.6 | +3 more | 2026-02-03
CWE-190: eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termina
Sources: cvelistv5, nvd
CVE-2025-62600 | HIGH | CVSS 7.5 | fixed in 2.6.11 | v>= 2.7.0, < 2.14.6 | +3 more | 2026-02-03
CWE-190: eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termina
Sources: cvelistv5, nvd
CVE-2025-64098 | LOW | CVSS 1.7 | ≥ 3.4.0, < 3.4.1 | ≥ 3.0.0, < 3.3.1 | +1 more | 2026-02-03
CWE-125: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS
Sources: cvelistv5, nvd
CVE-2025-62602 | LOW | CVSS 1.7 | ≥ 3.4.0, < 3.4.1 | ≥ 3.0.0, < 3.3.1 | +1 more | 2026-02-03
CWE-122: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the f
Sources: cvelistv5, nvd
CVE-2025-62603 | LOW | CVSS 1.7 | ≥ 3.4.0, < 3.4.1 | ≥ 3.0.0, < 3.3.1 | +1 more | 2026-02-03
CWE-125: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and
Sources: cvelistv5, nvd
CVE-2025-62601 | LOW | CVSS 1.7 | ≥ 3.4.0, < 3.4.1 | ≥ 3.0.0, < 3.3.1 | +1 more | 2026-02-03
CWE-122: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the f
Sources: cvelistv5, nvd
CVE-2025-64438 | LOW | CVSS 1.7 | ≥ 3.4.0, < 3.4.1 | ≥ 3.0.0, < 3.3.1 | +1 more | 2026-02-03
CWE-835: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast-DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (`
Sources: cvelistv5, nvd
CVE-2025-24807 | MEDIUM | CVSS 4.5 | fixed in 2.6.10 | v>= 2.7.0, < 2.10.7 | +3 more | 2025-02-11
CWE-345: eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which
Sources: cvelistv5, nvd
CVE-2024-30259 | HIGH | CVSS 7.5 | v= 2.14.0 | v>= 2.13.0, < 2.13.5 | +2 more | 2024-05-14
CWE-120: FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, a heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Ver
Sources: cvelistv5, nvd
CVE-2024-30258 | HIGH | CVSS 7.5 | v= 2.14.0 | v>= 2.13.0, < 2.13.5 | +2 more | 2024-05-14
CWE-20: FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. V
Sources: cvelistv5, nvd
CVE-2024-28231 | HIGH | CVSS 7.5 | fixed in 2.6.8 | v>= 2.7.0, < 2.10.4 | +2 more | 2024-03-20
CWE-122: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, a manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA S
Sources: cvelistv5, nvd
CVE-2023-50716 | CRITICAL | CVSS 9.8 | v>= 2.12.0, < 2.12.2 | v>= 2.11.0, < 2.11.3 | +2 more | 2024-03-06
CWE-416: eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, t
Sources: cvelistv5, nvd
CVE-2023-50257 | HIGH | CVSS 8.1 | v>= 2.12.0, < 2.12.2 | v>= 2.11.0, < 2.11.3 | +10 more | 2024-02-19
CWE-284: eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can f
Sources: cvelistv5, nvd
CVE-2023-42459 | HIGH | CVSS 7.5 | v>= 2.11.0, <= 2.11.1 | v>= 2.10.0, < 2.10.3 | +1 more | 2023-10-16
CWE-415: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages can be sent to a discovery locator, which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's con
Sources: cvelistv5, nvd
CVE-2023-39534 | HIGH | CVSS 7.5 | fixed in 2.6.5 | v>= 2.7.0, < 2.9.2 | 2023-08-11
CWE-617: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger an assertion failure, crashing FastDDS. Versions 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
Sources: cvelistv5, nvd
CVE-2023-39949 | HIGH | CVSS 7.5 | v>= 2.7.0, < 2.9.1 | fixed in 2.6.5 | 2023-08-11
CWE-617: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to a remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.
Sources: cvelistv5, nvd
CVE-2023-39945 | HIGH | CVSS 7.5 | fixed in 2.6.5 | v>= 2.7.0, < 2.9.2 | +1 more | 2023-08-11
CWE-248: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to the PDP port raises an unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this iss
Sources: cvelistv5, nvd
CVE-2023-39946 | HIGH | CVSS 7.5 | fixed in 2.6.6 | v>= 2.7.0, < 2.9.2 | +2 more | 2023-08-11
CWE-122: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, the heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPro
Sources: cvelistv5, nvd
CVE-2023-39947 | HIGH | CVSS 7.5 | fixed in 2.6.6 | v>= 2.7.0, < 2.9.2 | +2 more | 2023-08-11
CWE-122: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause a heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions
Sources: cvelistv5, nvd