CVE-2023-42459

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-415
View all →

Vulnerability Description

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2005-0891

HIGH
CVSS:7.5(High)

Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

CWE-4152005

CVE-2011-2335

HIGH
CVSS:7.5(High)

A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

CWE-4152011

CVE-2015-5177

HIGH
CVSS:7.5(High)

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CWE-4152015

CVE-2016-9969

HIGH
CVSS:7.5(High)

In libwebp 0.5.1, there is a double free bug in libwebpmux.

CWE-4152016

CVE-2017-18594

HIGH
CVSS:7.5(High)

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-method...

CWE-4152017

CVE-2017-5836

HIGH
CVSS:7.5(High)

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an inva...

CWE-4152017