SB2024042923 - Multiple vulnerabilities in Fast DDS

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2024-28231)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within manipulated DATA Submessage. A remote attacker on the local network can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Improper input validation (CVE-ID: CVE-2024-30258)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in RTPS packet handling when processing malformed RTPS packets from a publisher. A remote attacker can send a specially crafted RTPS packet to cause a denial of service.

The issue can crash the subscriber while creating pthread resources.

3) Heap-based buffer overflow (CVE-ID: CVE-2024-30259)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in the RTPS packet parser when parsing malformed RTPS packets. A remote attacker can send a specially crafted RTPS packet to cause a denial of service.

The issue is triggered on a subscriber when processing malformed PID_RELIABILITY_ENABLED serialized data from a publisher.

Remediation

Install update from vendor's website.

References

• https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
• https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b
• https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh
• https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662
• https://github.com/advisories/GHSA-qcj9-939p-p662