HIGH🇵🇱 Wersja polska

CVE-2024-10838

CVSS 8.8v4.0pub. 2025-03-12upd. 2025-07-31

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Eclipse Cyclone Data Distribution Service

    APP
    Eclipse
    < 0.10.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSDeserialization
CWE
References

Related vulnerabilities

CVE-2025-67109CRITICAL10.0PL ✓ten sam produkt

Eclipse Cyclone DDS — błędna weryfikacja czasu certyfikatu umożliwia eskalację uprawnień

CVE-2020-18734HIGH7.5ten sam produkt

A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscribe...

CVE-2020-18735HIGH7.5ten sam produkt

A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscribe...

CVE-2026-2586CRITICAL9.1ten sam vendor

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2026-2587CRITICAL9.6ten sam vendor

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...