What is CVE-2023-50716?

CVE-2023-50716 is a critical-severity vulnerability in Eprosima Fast-dds, classified under Use After Free. CVSS score: 9.7/10. Published 2024-03-06.

How severe is CVE-2023-50716?

Critical severity. CVSS v3 base score is 9.7 out of 10.

Use After Free in Eprosima Fast-dds

CVE-2023-50716

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a…

Vulnerability class: Use-After-Free

EPSS: 0.013 (79.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Eprosima Fast-dds — versions >= 2.12.0, < 2.12.2, >= 2.11.0, < 2.11.3, >= 2.10.0, < 2.10.3

Weakness classification (CWE)

CWE-416 — Use After Free

References

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2023-50716?: CVE-2023-50716 is a critical-severity vulnerability in Eprosima Fast-dds, classified under Use After Free. CVSS score: 9.7/10. Published 2024-03-06.
How severe is CVE-2023-50716?: Critical severity. CVSS v3 base score is 9.7 out of 10.