← voltar
CVE-2024-10838

Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read

CVSS 8.8 HIGHEPSS 0.9%CWE-191
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Eclipse Foundation · Eclipse Cyclone DDS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42https://gitlab.eclipse.org/security/cve-assignement/-/issues/46