CVE-2023-50716 - OpenCVE

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-06T17:23:55.916Z

Updated: 2024-08-02T22:16:47.221Z

Reserved: 2023-12-11T17:53:36.029Z

Link: CVE-2023-50716

Vulnrichment

Updated: 2024-08-02T22:16:47.221Z

NVD

Status : Awaiting Analysis

Published: 2024-03-06T18:15:46.360

Modified: 2024-03-06T21:42:48.053

Link: CVE-2023-50716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50716", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-11T17:53:36.029Z", "datePublished": "2024-03-06T17:23:55.916Z", "dateUpdated": "2024-08-02T22:16:47.221Z"}, "containers": {"cna": {"title": "Invalid DATA_FRAG Submessage causes a bad-free error", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h"}], "affected": [{"vendor": "eProsima", "product": "Fast-DDS", "versions": [{"version": ">= 2.12.0, < 2.12.2", "status": "affected"}, {"version": ">= 2.11.0, < 2.11.3", "status": "affected"}, {"version": ">= 2.10.0, < 2.10.3", "status": "affected"}, {"version": "< 2.6.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T17:23:55.916Z"}, "descriptions": [{"lang": "en", "value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue."}], "source": {"advisory": "GHSA-5m2f-hvj2-cx2h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:52:53.644084Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:09.335Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:47.221Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h", "name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:47.221Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:52:53.644084Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:41.385Z"}}], "cna": {"title": "Invalid DATA_FRAG Submessage causes a bad-free error", "source": {"advisory": "GHSA-5m2f-hvj2-cx2h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "eProsima", "product": "Fast-DDS", "versions": [{"status": "affected", "version": ">= 2.12.0, < 2.12.2"}, {"status": "affected", "version": ">= 2.11.0, < 2.11.3"}, {"status": "affected", "version": ">= 2.10.0, < 2.10.3"}, {"status": "affected", "version": "< 2.6.7"}]}], "references": [{"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h", "name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T17:23:55.916Z"}}}, "cveMetadata": {"cveId": "CVE-2023-50716", "state": "PUBLISHED", "dateUpdated": "2024-08-02T22:16:47.221Z", "dateReserved": "2023-12-11T17:53:36.029Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-06T17:23:55.916Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue."}, {"lang": "es", "value": "eProsima Fast DDS (anteriormente Fast RTPS) es una implementaci\u00f3n en C++ del est\u00e1ndar del Servicio de distribuci\u00f3n de datos del Object Management Group. Antes de las versiones 2.13.0, 2.12.2, 2.11.3, 2.10.3 y 2.6.7, un submensaje DATA_FRAG no v\u00e1lido provoca un error sin errores y el proceso Fast-DDS se puede finalizar de forma remota. Si se env\u00eda un paquete Data_Frag no v\u00e1lido, el miembro `Inline_qos, SerializedPayload` del objeto `ch` intentar\u00e1 liberar memoria sin inicializaci\u00f3n, lo que generar\u00e1 un error de \"libre de errores\". Las versiones 2.13.0, 2.12.2, 2.11.3, 2.10.2 y 2.6.7 solucionan este problema."}], "id": "CVE-2023-50716", "lastModified": "2024-03-06T21:42:48.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-06T18:15:46.360", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Secondary"}]}