What is CVE-2023-39949?

CVE-2023-39949 is a high-severity vulnerability in Eprosima Fast-dds, classified under Reachable Assertion. CVSS score: 7.5/10. Published 2023-08-11.

How severe is CVE-2023-39949?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2023-39949 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Eprosima Fast-dds

CVE-2023-39949

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure…

EPSS: 0.001 (28.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Eprosima Fast-dds — versions >= 2.7.0, < 2.9.1, < 2.6.5

Weakness classification (CWE)

CWE-617 — Reachable Assertion

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg (x_refsource_CONFIRM)
https://github.com/eProsima/Fast-DDS/issues/3236 (x_refsource_MISC)
https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059 (x_refsource_MISC)
www.debian.org/security/2023/dsa-5481

Frequently asked questions

What is CVE-2023-39949?: CVE-2023-39949 is a high-severity vulnerability in Eprosima Fast-dds, classified under Reachable Assertion. CVSS score: 7.5/10. Published 2023-08-11.
How severe is CVE-2023-39949?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2023-39949 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.