CVE-2025-64438

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-64438
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64438.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64438
Downstream
Published
2026-02-03T19:32:22.265Z
Modified
2026-02-21T10:07:50.563844Z
Severity
  • 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS
Details

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (gapList .base - gapStart), an attacker drives StatefulReader::processGapMsg() into an unbounded loop that inserts millions of s equence numbers into WriterProxy::changes_received_ (std::set), causing multi-GB heap growth and process termination. No authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t he issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-835"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64438.json"
}
References

Affected packages

Git / github.com/eprosima/fast-dds

Affected ranges

Type
GIT
Repo
https://github.com/eprosima/fast-dds
Events
Introduced
bf1d4c34c3b2b6267cd854346b1477854967264e
Fixed
f4eaa03986ab228f56042160761836995974e671
Database specific 
{
    "versions": [
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/eprosima/fast-dds
Events
Introduced
c53cd0a425e6f5483fbd971eb584b4360c306891
Fixed
4ba5a3b754ee4fd40f8ae0feb3aff7e6708aae4a
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.3.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/eprosima/fast-dds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
87dd60c8f3e8694481ad0279bd4cc8c645050da3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.11"
        }
    ]
}

Affected versions

2.*
2.0.0-beta
2.0.0-rc
Other
Discovery-Time_Data_Typing
v0.*
v0.5.2
v1.*
v1.0.0
v1.0.0.a
v1.0.6
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.0-2
v1.8.1
v1.9.0
v1.9.0-beta
v1.9.0-beta-2
v2.*
v2.1.0
v2.2.0
v2.3.0-1
v2.3.0-api

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64438.json"