CVE-2023-37915

Source
https://cve.org/CVERecord?id=CVE-2023-37915
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37915.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-37915
Aliases
  • GHSA-v5pp-7prc-5xq9
Published
2023-07-21T20:02:07.734Z
Modified
2026-07-15T01:49:01.066331707Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS
Details

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed PID_PROPERTY_LIST in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37915.json"
}
References

Affected packages

Git / github.com/opendds/opendds

Affected ranges

Type
GIT
Repo
https://github.com/opendds/opendds
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.23.1"
        },
        {
            "last_affected": "3.23.1"
        }
    ],
    "cpe": "cpe:2.3:a:objectcomputing:opendds:3.23.1:*:*:*:*:*:*:*"
}

Affected versions

3.*
3.23.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37915.json"