Source: fastdds
Version: 2.10.1+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for fastdds.

CVE-2023-39945[0]:
| eprosima Fast DDS is a C++ implementation of the Data Distribution
| Service standard of the Object Management Group. Prior to versions
| 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port
| raises unhandled `BadParamException` in fastcdr, which in turn
| crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a
| patch for this issue.

CVE-2023-39946[1]:
| eprosima Fast DDS is a C++ implementation of the Data Distribution
| Service standard of the Object Management Group. Prior to versions
| 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by
| providing a PID_PROPERTY_LIST parameter that contains a CDR string
| with length larger than the size of actual content. In
| `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`,
| `memcpy` is called to first copy the octet'ized length and then to
| copy the data into `properties_.data`. At the second memcpy, both
| `data` and `size` can be controlled by anyone that sends the CDR
| string to the discovery multicast port. This can remotely crash any
| Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain
| a patch for this issue.

CVE-2023-39947[2]:
| eprosima Fast DDS is a C++ implementation of the Data Distribution
| Service standard of the Object Management Group. Prior to versions
| 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit
| 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap
| overflow at a different program counter. This can remotely crash any
| Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain
| a patch for this issue.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-39945
    https://www.cve.org/CVERecord?id=CVE-2023-39945
[1] https://security-tracker.debian.org/tracker/CVE-2023-39946
    https://www.cve.org/CVERecord?id=CVE-2023-39946
[2] https://security-tracker.debian.org/tracker/CVE-2023-39947
    https://www.cve.org/CVERecord?id=CVE-2023-39947

Regards,
Salvatore
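The length-versus-content mismatch behind CVE-2023-39946, as an added example that is not Fast DDS or fastcdr code: a small bounds-checked reader for the CDR strings inside a PID_PROPERTY_LIST that rejects a declared length longer than the remaining payload before any copy takes place. The wire model used (a uint32 count, then name/value string pairs, each a little-endian uint32 length including the NUL terminator followed by the bytes) is an assumption made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Constructed example, not Fast DDS code. Wire model assumed here: a CDR
// string is a little-endian uint32 length (counting the NUL terminator)
// followed by that many bytes; a PID_PROPERTY_LIST is a uint32 count
// followed by that many name/value string pairs.
using Bytes = std::vector<uint8_t>;
using Property = std::pair<std::string, std::string>;

static std::optional<uint32_t> read_u32(const Bytes& b, size_t& off) {
    if (off > b.size() || b.size() - off < 4) return std::nullopt;
    uint32_t v = 0;
    for (int i = 3; i >= 0; --i) v = (v << 8) | b[off + i];
    off += 4;
    return v;
}

// The check the advisory describes as missing: the declared length is
// compared with the bytes actually present before anything is copied, so a
// header claiming more data than the payload carries is rejected instead of
// becoming the size argument of a memcpy.
static std::optional<std::string> read_cdr_string(const Bytes& b, size_t& off) {
    auto len = read_u32(b, off);
    if (!len || *len == 0 || *len > b.size() - off) return std::nullopt;
    if (b[off + *len - 1] != 0) return std::nullopt;  // must end in NUL
    std::string s(reinterpret_cast<const char*>(&b[off]), *len - 1);
    off += *len;
    return s;
}

// Parses the whole parameter; nullopt means "malformed, drop the submessage"
// rather than trusting any length field that was already read.
std::optional<std::vector<Property>> parse_property_list(const Bytes& b) {
    size_t off = 0;
    auto count = read_u32(b, off);
    if (!count) return std::nullopt;
    std::vector<Property> out;
    for (uint32_t i = 0; i < *count; ++i) {
        auto name = read_cdr_string(b, off);
        auto value = read_cdr_string(b, off);
        if (!name || !value) return std::nullopt;
        out.emplace_back(std::move(*name), std::move(*value));
    }
    return out;
}
```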