CVE-2025-62601
- Source
- https://cve.org/CVERecord?id=CVE-2025-62601
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62601.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-62601
- Downstream
- Published
- 2026-02-03T19:16:20.692Z
- Modified
- 2026-02-20T01:34:53.431291Z
- Severity
-
- 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- FastDDS has heap buffer overflow in readString via Manipulated DATA Submessage when DDS Security is enabled
- Details
-
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of
PID_IDENTITY_TOKENorPID_PERMISSIONS_TOKENin the DATA Submessage — specifically by tampering with thestr_sizevalue read byreadString(called fromreadBinaryProperty) — are modified, a 32-bit integer overflow can occur, causingstd::vector::resizeto use an attacker-controlled size and quickly trigger heap buffer overflow and remote process term ination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62601.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-122" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62601.json
- https://github.com/eProsima/Fast-DDS
- https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
- https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b
- https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a
- https://nvd.nist.gov/vuln/detail/CVE-2025-62601
- https://security-tracker.debian.org/tracker/CVE-2025-62601