Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group
). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast
-DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (gapList
.base - gapStart), an attacker drives StatefulReader::processGapMsg() into an unbounded loop that inserts millions of s
equence numbers into WriterProxy::changes_received_ (std::set), causing multi-GB heap growth and process termination.
No authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS
limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t
he issue.
{
"cwe_ids": [
"CWE-835"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64438.json",
"cna_assigner": "GitHub_M"
}{
"cpe": [
"cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eprosima:fast_dds:3.4.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.6.11"
},
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.1"
},
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.0"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}[
{
"source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"50919631908561576526994445991231815934",
"63313081671372258884462358793314735145",
"162945039374012192250446751443855988456",
"121322516468279427576474221218381313585",
"49417359452986961424743584637016712219",
"140141957446508640509021743939788904263",
"288684295083598079395891898492288289476",
"125209447217346294470192286629303595079",
"36018163357016938186807373396291175956"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-170da6ac",
"target": {
"file": "src/cpp/rtps/reader/WriterProxy.h"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"301692660437938473429019528736692829751",
"134328252456382565819873163188651168314",
"133233251876329933801288004537903409923",
"312110123979544207864437493408406036570",
"43289107335838543296630733794709341719",
"156977744984666955573959815415284701552",
"77449368646102283495927578101299165000",
"299755534491950970625431807150080302076",
"271558676406439579602182773349051972215",
"168368333521385269773691839298377441403",
"188695719232989193635992323337593407103",
"195190515506963479879585641408281501780",
"94989700414493708301102484103298233026",
"306367799327690461958882304869839579180",
"28750211201468773328717833626759324883",
"136058121613121034613143861464646945743",
"217278258312187456043567465673188669301",
"250856243781788255246339754274714357189",
"256577314738401757510918721495721911939",
"262609660289529557851202178622163943916",
"125270015816687108097406334839465017088",
"75524308320337264384287750330190543335",
"151870146797063823455520464283956918648",
"47569425265639195772385808493634808206",
"15708821327999399010381071404935693618",
"9914312728077457979326559306823339173",
"329924869500466460732636879041731695360",
"257738260896948883069283795572035676269",
"282114336325867289307855396286606052057",
"289076356729151747870760868722265518689",
"94989700414493708301102484103298233026",
"306367799327690461958882304869839579180",
"28750211201468773328717833626759324883",
"136058121613121034613143861464646945743",
"217278258312187456043567465673188669301",
"250856243781788255246339754274714357189",
"122611060834205504456715153879393680305",
"330106048147929124992617002771979317455",
"30804360640665966466143438658822480460",
"41263640436999380427739375321441145462"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-37aa8303",
"target": {
"file": "src/cpp/rtps/reader/StatefulReader.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"301692660437938473429019528736692829751",
"134328252456382565819873163188651168314",
"165389130150181020198969720205901088532",
"313785166267432714978201015002964396263",
"297333297069608497905993189504920821860",
"262752594499962386336777354700189115994",
"77449368646102283495927578101299165000",
"299755534491950970625431807150080302076",
"207907692628558105665786538438444268654",
"225373136860893663560594607552921064136",
"183710216849305672721345722774243855819",
"171948442542238878089505389355824095517",
"177159364422917702551364019013891434362",
"133733944165564037157809417980438693346",
"18115373012083474426087625668231844961",
"22179616204107938356298894896273955982",
"51300789363200554040872314085084089540",
"250856243781788255246339754274714357189",
"256577314738401757510918721495721911939",
"262609660289529557851202178622163943916",
"125270015816687108097406334839465017088",
"75524308320337264384287750330190543335",
"151870146797063823455520464283956918648",
"47569425265639195772385808493634808206",
"15708821327999399010381071404935693618",
"9914312728077457979326559306823339173",
"244009397773468710172387184500790666806",
"93725477438578395838995162309095489814",
"184111074202005619739069591760221909362",
"271616093694669227402404804978824416326",
"177159364422917702551364019013891434362",
"133733944165564037157809417980438693346",
"18115373012083474426087625668231844961",
"22179616204107938356298894896273955982",
"51300789363200554040872314085084089540",
"250856243781788255246339754274714357189",
"122611060834205504456715153879393680305",
"330106048147929124992617002771979317455",
"30804360640665966466143438658822480460",
"41263640436999380427739375321441145462"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-39370838",
"target": {
"file": "src/cpp/rtps/reader/StatefulReader.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"36728454880515147875538791151190797697",
"127274004034240021748098124592956039484",
"179170700670919488984191150979324303709",
"104350804193536487803427620919468045913",
"266009903225153187026749302303215979493",
"327441093917529701684034764111800387266",
"4808324147433070003273514893637575132",
"321679622255938821191693257600073577984",
"139367286405359825351145398486233836004",
"7177136374320169753014107522714352876",
"137296560549887263470385694009813047",
"231218288428294958729584883854809037191",
"214993748636592537477082789199794292701",
"126551735829900330238098105930087879674",
"97018139428970307314465150087429518568",
"21882160469548482804238772558127580416",
"287770411390634061742079670546367552670",
"56708397916264078066203737461699360976",
"135766269652789259262404469877643347356",
"205193623941055378324624966239089532432",
"200777158851774008025681092191082668465",
"53275189951569146313312555833020221736",
"163883359579542254756762241020490405810",
"330229276525952958851469712568049624132",
"34344364381474477731407417692274644735",
"29139316710223227784322017265568421442",
"248518572792317219323797404624157538200",
"184799419290479090659316572956930247749",
"214706294391139017057069886864834505475",
"80839903797170586098804147741122482378",
"171423058090004048095213068198970534618",
"333363650620896018196956332067176813240",
"320110527835714048249763882132631281766",
"218812277035398724095737422278970249103",
"163096471729581846751796468827982456953",
"58222040067427824583634282996690154903",
"65520678412928110465851230089861878495"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-4dce3cc8",
"target": {
"file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"281172822712147513008297092536413073866",
"57845018472174007734260014643898894241",
"305079148103351757827234731222845195019",
"279058907598930458950075426677378594429",
"36018163357016938186807373396291175956"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-68bc0164",
"target": {
"file": "src/cpp/rtps/reader/WriterProxy.h"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "199422228515173220564047555463169649672",
"length": 1091.0
},
"deprecated": false,
"id": "CVE-2025-64438-6a1b4ce3",
"target": {
"function": "StatefulReader::processGapMsg",
"file": "src/cpp/rtps/reader/StatefulReader.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"112887341157334091061155326858610604173",
"965754939442409859451481685038536795",
"127862995292524708859263124582567343931"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-7b8a70aa",
"target": {
"file": "test/blackbox/common/BlackboxTestsTransportUDP.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"36728454880515147875538791151190797697",
"131694088676299837255049171129623835302",
"179170700670919488984191150979324303709",
"104350804193536487803427620919468045913",
"266009903225153187026749302303215979493",
"327441093917529701684034764111800387266",
"4808324147433070003273514893637575132",
"321679622255938821191693257600073577984",
"139367286405359825351145398486233836004",
"7177136374320169753014107522714352876",
"137296560549887263470385694009813047",
"231218288428294958729584883854809037191",
"214993748636592537477082789199794292701",
"126551735829900330238098105930087879674",
"97018139428970307314465150087429518568",
"21882160469548482804238772558127580416",
"287770411390634061742079670546367552670",
"56708397916264078066203737461699360976",
"135766269652789259262404469877643347356",
"205193623941055378324624966239089532432",
"200777158851774008025681092191082668465",
"53275189951569146313312555833020221736",
"163883359579542254756762241020490405810",
"330229276525952958851469712568049624132",
"34344364381474477731407417692274644735",
"29139316710223227784322017265568421442",
"248518572792317219323797404624157538200",
"184799419290479090659316572956930247749",
"214706294391139017057069886864834505475",
"80839903797170586098804147741122482378",
"171423058090004048095213068198970534618",
"333363650620896018196956332067176813240",
"320110527835714048249763882132631281766",
"218812277035398724095737422278970249103",
"163096471729581846751796468827982456953",
"58222040067427824583634282996690154903",
"65520678412928110465851230089861878495"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-7ca8a3ee",
"target": {
"file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "230048456841746885429703820464474775721",
"length": 3835.0
},
"deprecated": false,
"id": "CVE-2025-64438-8e42b09b",
"target": {
"function": "TEST",
"file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "325445619678097346976305745201680663842",
"length": 1087.0
},
"deprecated": false,
"id": "CVE-2025-64438-9020d0f3",
"target": {
"function": "StatefulReader::process_gap_msg",
"file": "src/cpp/rtps/reader/StatefulReader.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "230048456841746885429703820464474775721",
"length": 3835.0
},
"deprecated": false,
"id": "CVE-2025-64438-97c038b6",
"target": {
"function": "TEST",
"file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"36728454880515147875538791151190797697",
"127274004034240021748098124592956039484",
"179170700670919488984191150979324303709",
"104350804193536487803427620919468045913",
"266009903225153187026749302303215979493",
"327441093917529701684034764111800387266",
"4808324147433070003273514893637575132",
"321679622255938821191693257600073577984",
"139367286405359825351145398486233836004",
"7177136374320169753014107522714352876",
"137296560549887263470385694009813047",
"231218288428294958729584883854809037191",
"214993748636592537477082789199794292701",
"126551735829900330238098105930087879674",
"97018139428970307314465150087429518568",
"21882160469548482804238772558127580416",
"287770411390634061742079670546367552670",
"56708397916264078066203737461699360976",
"135766269652789259262404469877643347356",
"205193623941055378324624966239089532432",
"200777158851774008025681092191082668465",
"53275189951569146313312555833020221736",
"163883359579542254756762241020490405810",
"330229276525952958851469712568049624132",
"34344364381474477731407417692274644735",
"29139316710223227784322017265568421442",
"248518572792317219323797404624157538200",
"184799419290479090659316572956930247749",
"214706294391139017057069886864834505475",
"80839903797170586098804147741122482378",
"171423058090004048095213068198970534618",
"333363650620896018196956332067176813240",
"320110527835714048249763882132631281766",
"218812277035398724095737422278970249103",
"163096471729581846751796468827982456953",
"58222040067427824583634282996690154903",
"65520678412928110465851230089861878495"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-9b6c6990",
"target": {
"file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"301692660437938473429019528736692829751",
"134328252456382565819873163188651168314",
"133233251876329933801288004537903409923",
"312110123979544207864437493408406036570",
"43289107335838543296630733794709341719",
"156977744984666955573959815415284701552",
"77449368646102283495927578101299165000",
"299755534491950970625431807150080302076",
"271558676406439579602182773349051972215",
"168368333521385269773691839298377441403",
"188695719232989193635992323337593407103",
"195190515506963479879585641408281501780",
"94989700414493708301102484103298233026",
"306367799327690461958882304869839579180",
"28750211201468773328717833626759324883",
"136058121613121034613143861464646945743",
"217278258312187456043567465673188669301",
"250856243781788255246339754274714357189",
"256577314738401757510918721495721911939",
"262609660289529557851202178622163943916",
"125270015816687108097406334839465017088",
"75524308320337264384287750330190543335",
"151870146797063823455520464283956918648",
"47569425265639195772385808493634808206",
"15708821327999399010381071404935693618",
"9914312728077457979326559306823339173",
"329924869500466460732636879041731695360",
"257738260896948883069283795572035676269",
"282114336325867289307855396286606052057",
"289076356729151747870760868722265518689",
"94989700414493708301102484103298233026",
"306367799327690461958882304869839579180",
"28750211201468773328717833626759324883",
"136058121613121034613143861464646945743",
"217278258312187456043567465673188669301",
"250856243781788255246339754274714357189",
"122611060834205504456715153879393680305",
"330106048147929124992617002771979317455",
"30804360640665966466143438658822480460",
"41263640436999380427739375321441145462"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-ac61fe17",
"target": {
"file": "src/cpp/rtps/reader/StatefulReader.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "136360461395209534778317008574987670990",
"length": 3782.0
},
"deprecated": false,
"id": "CVE-2025-64438-b21be0de",
"target": {
"function": "TEST",
"file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"112887341157334091061155326858610604173",
"965754939442409859451481685038536795",
"127862995292524708859263124582567343931"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-be488e1d",
"target": {
"file": "test/blackbox/common/BlackboxTestsTransportUDP.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "325445619678097346976305745201680663842",
"length": 1087.0
},
"deprecated": false,
"id": "CVE-2025-64438-c7f3e43b",
"target": {
"function": "StatefulReader::process_gap_msg",
"file": "src/cpp/rtps/reader/StatefulReader.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"112887341157334091061155326858610604173",
"965754939442409859451481685038536795",
"127862995292524708859263124582567343931"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-d0c476a3",
"target": {
"file": "test/blackbox/common/BlackboxTestsTransportUDP.cpp"
}
},
{
"source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"281172822712147513008297092536413073866",
"57845018472174007734260014643898894241",
"305079148103351757827234731222845195019",
"279058907598930458950075426677378594429",
"36018163357016938186807373396291175956"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-64438-fbdfc515",
"target": {
"file": "src/cpp/rtps/reader/WriterProxy.h"
}
}
]
"2026-07-15T22:55:28Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64438.json"