漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Malformed DATA submessage leads to bad-free error in Fast-DDS
Vulnerability Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
双重释放
Vulnerability Title
EProsima Fast Dds 安全漏洞
Vulnerability Description
EProsima Fast Dds是西班牙EProsima公司的一个独立的 Cpp 中间件实现。用于提供 Omg Dds 1.4 和 Omg Rtps 2.2 可互操作的有线协议标准。 EProsima Fast DDS 2.11.1及之前版本存在安全漏洞,该漏洞源于允许攻击者发送特定的DATA子消息触发定位器错误。
CVSS Information
N/A
Vulnerability Type
N/A