CVE-2023-42459

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Fast DDS es una implementación en C++ del estándar DDS (Servicio de Distribución de Datos) de OMG (Object Management Group). En las versiones afectadas, se pueden enviar submensajes de DATOS específicos a un localizador de descubrimiento que puede provocar un error free. Esto puede bloquear de forma remota cualquier proceso Fast-DDS. La llamada a free() podría potencialmente dejar el puntero en el control del atacante, lo que podría conducir a un doble free. Este problema se solucionó en las versiones 2.12.0, 2.11.3, 2.10.3 y 2.6.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.