Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group
). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATAFRAG receive path. An un
authenticated sender can transmit a single malformed RTPS DATAFRAG packet where fragmentSize and sampleSize are craft
ed to violate internal assumptions. Due to a 4-byte alignment step during fragment metadata initialization, the code write
s past the end of the allocated payload buffer, causing immediate crash (DoS) and potentially enabling memory corruption (
RCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
{
"cwe_ids": [
"CWE-122"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62799.json",
"cna_assigner": "GitHub_M"
}{
"cpe": [
"cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eprosima:fast_dds:3.4.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.6.11"
},
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.1"
},
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.0"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}