Vulnerability Information
Vulnerability Title
Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS
Vulnerability Description
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Vulnerability Type
Information Exposure
Vulnerability Title
SROS 2 Security Vulnerability
Vulnerability Description
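SROS 2 is an open-source ROS 2 tool for generating and distributing SROS keys. SROS 2 contains a security vulnerability that stems from a non-compliant implementation of permission document verification, which allows an attacker to craft malicious DDS participants and gain full control of the system.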
CVSS Information
N/A
Vulnerability Type
N/A