Vulnerability in Eprosima Fast-dds
CVE-2023-50257
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used t…
EPSS: 0.002 (37.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Eprosima Fast-dds — versions >= 2.12.0, < 2.12.2, >= 2.11.0, < 2.11.3, >= 2.7.0, < 2.10.3
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98 (x_refsource_CONFIRM)
- https://github.com/eProsima/Fast-DDS/commit/072cbc9d6a71d869a5cbed1873c0cdd6cf67cda4 (x_refsource_MISC)
- https://github.com/eProsima/Fast-DDS/commit/e1869863c06db7fbb366ae53760fbe6e754be026 (x_refsource_MISC)
- https://github.com/eProsima/Fast-DDS/commit/f07a0213e655202188840b864be4438ae1067a13 (x_refsource_MISC)
- https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-50257?
- CVE-2023-50257 is a critical-severity vulnerability in Eprosima Fast-dds, classified under Improper Access Control. CVSS score: 9.7/10. Published 2024-02-19.
- How severe is CVE-2023-50257?
- Critical severity. CVSS v3 base score is 9.7 out of 10.
- Is CVE-2023-50257 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.