HIGH🇬🇧 English

CVE-2023-37915

CVSS 7.5v3.1pub. 2023-07-21upd. 2024-11-21

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Objectcomputing Opendds

    APP
    Objectcomputing
    3.23.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-67111HIGH7.5ten sam produkt

An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to caus...

CVE-2023-52427HIGH7.5ten sam produkt

In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits....

CVE-2021-38445HIGH7.0ten sam produkt

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the...

CVE-2021-38447HIGH8.6ten sam produkt

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood...

CVE-2024-30915MEDIUM4.3ten sam produkt

An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to...