Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-24895 Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
Fixes

Solution

Eclipse recommends users apply the latest CycloneDDS patches. https://projects.eclipse.org/projects/iot.cyclonedds


Workaround

No workaround given by the vendor.

History

Wed, 16 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-04-16T16:23:56.123Z

Reserved: 2021-08-10T00:00:00.000Z

Link: CVE-2021-38443

cve-icon Vulnrichment

Updated: 2024-08-04T01:44:22.345Z

cve-icon NVD

Status : Modified

Published: 2022-05-05T17:15:09.610

Modified: 2024-11-21T06:17:06.863

Link: CVE-2021-38443

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.