What is CVE-2024-28231?

CVE-2024-28231 is a critical-severity vulnerability in Eprosima Fast-dds, classified under Heap-based Buffer Overflow. CVSS score: 9.7/10. Published 2024-03-20.

How severe is CVE-2024-28231?

Critical severity. CVSS v3 base score is 9.7 out of 10.

Is CVE-2024-28231 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Eprosima Fast-dds

CVE-2024-28231

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (75.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Eprosima Fast-dds — versions < 2.6.8, >= 2.7.0, < 2.10.4, >= 2.11.0, < 2.12.2

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

References

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w (x_refsource_CONFIRM)
https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-28231?: CVE-2024-28231 is a critical-severity vulnerability in Eprosima Fast-dds, classified under Heap-based Buffer Overflow. CVSS score: 9.7/10. Published 2024-03-20.
How severe is CVE-2024-28231?: Critical severity. CVSS v3 base score is 9.7 out of 10.
Is CVE-2024-28231 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.