OSV-2024-272

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/cyclonedds/OSV-2024-272.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-272
Published
2024-04-18T00:05:58.463730Z
Modified
2024-04-18T00:05:58.464184Z
Summary
Heap-buffer-overflow in DDS_Security_Deserialize_ParticipantBuiltinTopicData
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68028

Crash type: Heap-buffer-overflow READ 2
Crash state:
DDS_Security_Deserialize_ParticipantBuiltinTopicData
fuzz_security_deser.c
References

Affected packages

OSS-Fuzz / cyclonedds

Package

Name
cyclonedds
Purl
pkg:generic/cyclonedds

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-cyclonedds/cyclonedds
Events
Introduced
31a4843667830be87a38bd8bb22268061f79b42b
Fixed
2ad37f4cc3d545149f680d6a8b0ff31e0ea84edc

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "31a4843667830be87a38bd8bb22268061f79b42b:2ad37f4cc3d545149f680d6a8b0ff31e0ea84edc"
}