CVE-2025-64438

Source
https://cve.org/CVERecord?id=CVE-2025-64438
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64438.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64438
Downstream
Published
2026-02-03T19:32:22.265Z
Modified
2026-07-15T22:55:28.853126Z
Severity
  • 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS
Details

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (gapList .base - gapStart), an attacker drives StatefulReader::processGapMsg() into an unbounded loop that inserts millions of s equence numbers into WriterProxy::changes_received_ (std::set), causing multi-GB heap growth and process termination. No authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t he issue.

Database specific
{
    "cwe_ids": [
        "CWE-835"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64438.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/eprosima/fast-dds

Affected ranges

Type
GIT
Repo
https://github.com/eprosima/fast-dds
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:eprosima:fast_dds:3.4.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.11"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.3.1"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "last_affected": "3.4.0"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0.0-beta
2.0.0-rc
3.*
3.4.0
Other
Discovery-Time_Data_Typing
v1.*
v1.0.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.0-2
v1.9.0
v1.9.0-beta
v1.9.0-beta-2
v2.*
v2.1.0
v2.10.0-rc1
v2.10.1-rc1
v2.2.0
v2.3.0-1
v2.3.0-api

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "50919631908561576526994445991231815934",
                "63313081671372258884462358793314735145",
                "162945039374012192250446751443855988456",
                "121322516468279427576474221218381313585",
                "49417359452986961424743584637016712219",
                "140141957446508640509021743939788904263",
                "288684295083598079395891898492288289476",
                "125209447217346294470192286629303595079",
                "36018163357016938186807373396291175956"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-170da6ac",
        "target": {
            "file": "src/cpp/rtps/reader/WriterProxy.h"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "301692660437938473429019528736692829751",
                "134328252456382565819873163188651168314",
                "133233251876329933801288004537903409923",
                "312110123979544207864437493408406036570",
                "43289107335838543296630733794709341719",
                "156977744984666955573959815415284701552",
                "77449368646102283495927578101299165000",
                "299755534491950970625431807150080302076",
                "271558676406439579602182773349051972215",
                "168368333521385269773691839298377441403",
                "188695719232989193635992323337593407103",
                "195190515506963479879585641408281501780",
                "94989700414493708301102484103298233026",
                "306367799327690461958882304869839579180",
                "28750211201468773328717833626759324883",
                "136058121613121034613143861464646945743",
                "217278258312187456043567465673188669301",
                "250856243781788255246339754274714357189",
                "256577314738401757510918721495721911939",
                "262609660289529557851202178622163943916",
                "125270015816687108097406334839465017088",
                "75524308320337264384287750330190543335",
                "151870146797063823455520464283956918648",
                "47569425265639195772385808493634808206",
                "15708821327999399010381071404935693618",
                "9914312728077457979326559306823339173",
                "329924869500466460732636879041731695360",
                "257738260896948883069283795572035676269",
                "282114336325867289307855396286606052057",
                "289076356729151747870760868722265518689",
                "94989700414493708301102484103298233026",
                "306367799327690461958882304869839579180",
                "28750211201468773328717833626759324883",
                "136058121613121034613143861464646945743",
                "217278258312187456043567465673188669301",
                "250856243781788255246339754274714357189",
                "122611060834205504456715153879393680305",
                "330106048147929124992617002771979317455",
                "30804360640665966466143438658822480460",
                "41263640436999380427739375321441145462"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-37aa8303",
        "target": {
            "file": "src/cpp/rtps/reader/StatefulReader.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "301692660437938473429019528736692829751",
                "134328252456382565819873163188651168314",
                "165389130150181020198969720205901088532",
                "313785166267432714978201015002964396263",
                "297333297069608497905993189504920821860",
                "262752594499962386336777354700189115994",
                "77449368646102283495927578101299165000",
                "299755534491950970625431807150080302076",
                "207907692628558105665786538438444268654",
                "225373136860893663560594607552921064136",
                "183710216849305672721345722774243855819",
                "171948442542238878089505389355824095517",
                "177159364422917702551364019013891434362",
                "133733944165564037157809417980438693346",
                "18115373012083474426087625668231844961",
                "22179616204107938356298894896273955982",
                "51300789363200554040872314085084089540",
                "250856243781788255246339754274714357189",
                "256577314738401757510918721495721911939",
                "262609660289529557851202178622163943916",
                "125270015816687108097406334839465017088",
                "75524308320337264384287750330190543335",
                "151870146797063823455520464283956918648",
                "47569425265639195772385808493634808206",
                "15708821327999399010381071404935693618",
                "9914312728077457979326559306823339173",
                "244009397773468710172387184500790666806",
                "93725477438578395838995162309095489814",
                "184111074202005619739069591760221909362",
                "271616093694669227402404804978824416326",
                "177159364422917702551364019013891434362",
                "133733944165564037157809417980438693346",
                "18115373012083474426087625668231844961",
                "22179616204107938356298894896273955982",
                "51300789363200554040872314085084089540",
                "250856243781788255246339754274714357189",
                "122611060834205504456715153879393680305",
                "330106048147929124992617002771979317455",
                "30804360640665966466143438658822480460",
                "41263640436999380427739375321441145462"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-39370838",
        "target": {
            "file": "src/cpp/rtps/reader/StatefulReader.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "36728454880515147875538791151190797697",
                "127274004034240021748098124592956039484",
                "179170700670919488984191150979324303709",
                "104350804193536487803427620919468045913",
                "266009903225153187026749302303215979493",
                "327441093917529701684034764111800387266",
                "4808324147433070003273514893637575132",
                "321679622255938821191693257600073577984",
                "139367286405359825351145398486233836004",
                "7177136374320169753014107522714352876",
                "137296560549887263470385694009813047",
                "231218288428294958729584883854809037191",
                "214993748636592537477082789199794292701",
                "126551735829900330238098105930087879674",
                "97018139428970307314465150087429518568",
                "21882160469548482804238772558127580416",
                "287770411390634061742079670546367552670",
                "56708397916264078066203737461699360976",
                "135766269652789259262404469877643347356",
                "205193623941055378324624966239089532432",
                "200777158851774008025681092191082668465",
                "53275189951569146313312555833020221736",
                "163883359579542254756762241020490405810",
                "330229276525952958851469712568049624132",
                "34344364381474477731407417692274644735",
                "29139316710223227784322017265568421442",
                "248518572792317219323797404624157538200",
                "184799419290479090659316572956930247749",
                "214706294391139017057069886864834505475",
                "80839903797170586098804147741122482378",
                "171423058090004048095213068198970534618",
                "333363650620896018196956332067176813240",
                "320110527835714048249763882132631281766",
                "218812277035398724095737422278970249103",
                "163096471729581846751796468827982456953",
                "58222040067427824583634282996690154903",
                "65520678412928110465851230089861878495"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-4dce3cc8",
        "target": {
            "file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281172822712147513008297092536413073866",
                "57845018472174007734260014643898894241",
                "305079148103351757827234731222845195019",
                "279058907598930458950075426677378594429",
                "36018163357016938186807373396291175956"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-68bc0164",
        "target": {
            "file": "src/cpp/rtps/reader/WriterProxy.h"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "199422228515173220564047555463169649672",
            "length": 1091.0
        },
        "deprecated": false,
        "id": "CVE-2025-64438-6a1b4ce3",
        "target": {
            "function": "StatefulReader::processGapMsg",
            "file": "src/cpp/rtps/reader/StatefulReader.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "112887341157334091061155326858610604173",
                "965754939442409859451481685038536795",
                "127862995292524708859263124582567343931"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-7b8a70aa",
        "target": {
            "file": "test/blackbox/common/BlackboxTestsTransportUDP.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "36728454880515147875538791151190797697",
                "131694088676299837255049171129623835302",
                "179170700670919488984191150979324303709",
                "104350804193536487803427620919468045913",
                "266009903225153187026749302303215979493",
                "327441093917529701684034764111800387266",
                "4808324147433070003273514893637575132",
                "321679622255938821191693257600073577984",
                "139367286405359825351145398486233836004",
                "7177136374320169753014107522714352876",
                "137296560549887263470385694009813047",
                "231218288428294958729584883854809037191",
                "214993748636592537477082789199794292701",
                "126551735829900330238098105930087879674",
                "97018139428970307314465150087429518568",
                "21882160469548482804238772558127580416",
                "287770411390634061742079670546367552670",
                "56708397916264078066203737461699360976",
                "135766269652789259262404469877643347356",
                "205193623941055378324624966239089532432",
                "200777158851774008025681092191082668465",
                "53275189951569146313312555833020221736",
                "163883359579542254756762241020490405810",
                "330229276525952958851469712568049624132",
                "34344364381474477731407417692274644735",
                "29139316710223227784322017265568421442",
                "248518572792317219323797404624157538200",
                "184799419290479090659316572956930247749",
                "214706294391139017057069886864834505475",
                "80839903797170586098804147741122482378",
                "171423058090004048095213068198970534618",
                "333363650620896018196956332067176813240",
                "320110527835714048249763882132631281766",
                "218812277035398724095737422278970249103",
                "163096471729581846751796468827982456953",
                "58222040067427824583634282996690154903",
                "65520678412928110465851230089861878495"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-7ca8a3ee",
        "target": {
            "file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "230048456841746885429703820464474775721",
            "length": 3835.0
        },
        "deprecated": false,
        "id": "CVE-2025-64438-8e42b09b",
        "target": {
            "function": "TEST",
            "file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "325445619678097346976305745201680663842",
            "length": 1087.0
        },
        "deprecated": false,
        "id": "CVE-2025-64438-9020d0f3",
        "target": {
            "function": "StatefulReader::process_gap_msg",
            "file": "src/cpp/rtps/reader/StatefulReader.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "230048456841746885429703820464474775721",
            "length": 3835.0
        },
        "deprecated": false,
        "id": "CVE-2025-64438-97c038b6",
        "target": {
            "function": "TEST",
            "file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "36728454880515147875538791151190797697",
                "127274004034240021748098124592956039484",
                "179170700670919488984191150979324303709",
                "104350804193536487803427620919468045913",
                "266009903225153187026749302303215979493",
                "327441093917529701684034764111800387266",
                "4808324147433070003273514893637575132",
                "321679622255938821191693257600073577984",
                "139367286405359825351145398486233836004",
                "7177136374320169753014107522714352876",
                "137296560549887263470385694009813047",
                "231218288428294958729584883854809037191",
                "214993748636592537477082789199794292701",
                "126551735829900330238098105930087879674",
                "97018139428970307314465150087429518568",
                "21882160469548482804238772558127580416",
                "287770411390634061742079670546367552670",
                "56708397916264078066203737461699360976",
                "135766269652789259262404469877643347356",
                "205193623941055378324624966239089532432",
                "200777158851774008025681092191082668465",
                "53275189951569146313312555833020221736",
                "163883359579542254756762241020490405810",
                "330229276525952958851469712568049624132",
                "34344364381474477731407417692274644735",
                "29139316710223227784322017265568421442",
                "248518572792317219323797404624157538200",
                "184799419290479090659316572956930247749",
                "214706294391139017057069886864834505475",
                "80839903797170586098804147741122482378",
                "171423058090004048095213068198970534618",
                "333363650620896018196956332067176813240",
                "320110527835714048249763882132631281766",
                "218812277035398724095737422278970249103",
                "163096471729581846751796468827982456953",
                "58222040067427824583634282996690154903",
                "65520678412928110465851230089861878495"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-9b6c6990",
        "target": {
            "file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "301692660437938473429019528736692829751",
                "134328252456382565819873163188651168314",
                "133233251876329933801288004537903409923",
                "312110123979544207864437493408406036570",
                "43289107335838543296630733794709341719",
                "156977744984666955573959815415284701552",
                "77449368646102283495927578101299165000",
                "299755534491950970625431807150080302076",
                "271558676406439579602182773349051972215",
                "168368333521385269773691839298377441403",
                "188695719232989193635992323337593407103",
                "195190515506963479879585641408281501780",
                "94989700414493708301102484103298233026",
                "306367799327690461958882304869839579180",
                "28750211201468773328717833626759324883",
                "136058121613121034613143861464646945743",
                "217278258312187456043567465673188669301",
                "250856243781788255246339754274714357189",
                "256577314738401757510918721495721911939",
                "262609660289529557851202178622163943916",
                "125270015816687108097406334839465017088",
                "75524308320337264384287750330190543335",
                "151870146797063823455520464283956918648",
                "47569425265639195772385808493634808206",
                "15708821327999399010381071404935693618",
                "9914312728077457979326559306823339173",
                "329924869500466460732636879041731695360",
                "257738260896948883069283795572035676269",
                "282114336325867289307855396286606052057",
                "289076356729151747870760868722265518689",
                "94989700414493708301102484103298233026",
                "306367799327690461958882304869839579180",
                "28750211201468773328717833626759324883",
                "136058121613121034613143861464646945743",
                "217278258312187456043567465673188669301",
                "250856243781788255246339754274714357189",
                "122611060834205504456715153879393680305",
                "330106048147929124992617002771979317455",
                "30804360640665966466143438658822480460",
                "41263640436999380427739375321441145462"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-ac61fe17",
        "target": {
            "file": "src/cpp/rtps/reader/StatefulReader.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "136360461395209534778317008574987670990",
            "length": 3782.0
        },
        "deprecated": false,
        "id": "CVE-2025-64438-b21be0de",
        "target": {
            "function": "TEST",
            "file": "test/unittest/rtps/reader/WriterProxyTests.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "112887341157334091061155326858610604173",
                "965754939442409859451481685038536795",
                "127862995292524708859263124582567343931"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-be488e1d",
        "target": {
            "file": "test/blackbox/common/BlackboxTestsTransportUDP.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "325445619678097346976305745201680663842",
            "length": 1087.0
        },
        "deprecated": false,
        "id": "CVE-2025-64438-c7f3e43b",
        "target": {
            "function": "StatefulReader::process_gap_msg",
            "file": "src/cpp/rtps/reader/StatefulReader.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "112887341157334091061155326858610604173",
                "965754939442409859451481685038536795",
                "127862995292524708859263124582567343931"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-d0c476a3",
        "target": {
            "file": "test/blackbox/common/BlackboxTestsTransportUDP.cpp"
        }
    },
    {
        "source": "https://github.com/eprosima/fast-dds/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281172822712147513008297092536413073866",
                "57845018472174007734260014643898894241",
                "305079148103351757827234731222845195019",
                "279058907598930458950075426677378594429",
                "36018163357016938186807373396291175956"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2025-64438-fbdfc515",
        "target": {
            "file": "src/cpp/rtps/reader/WriterProxy.h"
        }
    }
]
vanir_signatures_modified
"2026-07-15T22:55:28Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64438.json"