CVE-2024-28231

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Mar 20, 2024
Updated: Mar 21, 2024
CWE ID 122

Summary

CVE-2024-28231 is a vulnerability in the eprosima Fast DDS C++ implementation of the Data Distribution Service standard. Versions prior to 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 are affected by a heap overflow error that can be triggered by manipulating the DATA Submessage, leading to the termination of the process remotely. The issue arises from an integer overflow when a negative number is input into the payload_size variable of the DATA Submessage packet, causing a heap-buffer-overflow and program termination. The vulnerability has a base severity rating of CRITICAL with high impact on integrity and confidentiality, as well as high availability impact in adjacent network attacks. A fix for this issue is available in versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 of eprosima Fast DDS.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28231 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options