FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS
packet, the subscriber crashes when creating pthread
. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "fastdds-tools", "binary_version": "3.0.0+ds-3" }, { "binary_name": "fastdds-tools-dbgsym", "binary_version": "3.0.0+ds-3" }, { "binary_name": "libfastdds-dev", "binary_version": "3.0.0+ds-3" }, { "binary_name": "libfastdds-doc", "binary_version": "3.0.0+ds-3" }, { "binary_name": "libfastdds3.0", "binary_version": "3.0.0+ds-3" }, { "binary_name": "libfastdds3.0-dbgsym", "binary_version": "3.0.0+ds-3" }, { "binary_name": "libfastrtps-dev", "binary_version": "3.0.0+ds-3" } ] }