{"id":"CVE-2021-38445","details":"OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.","modified":"2026-04-10T04:36:58.769560Z","published":"2022-05-05T17:15:09.687Z","references":[{"type":"WEB","url":"https://opendds.org/"},{"type":"ADVISORY","url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opendds/opendds","events":[{"introduced":"0"},{"fixed":"e3f454e402ef466c574aefca7c3dae4f8e39238c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.18.1"}]}}],"versions":["DDS-3.10","DDS-3.12","DDS-3.13","DDS-3.14","DDS-3.14-pre1","DDS-3.14-pre2","DDS-3.14-pre3","DDS-3.14-pre4","DDS-3.14-pre5","DDS-3.15","DDS-3.15-pre1","DDS-3.15-pre10","DDS-3.15-pre11","DDS-3.15-pre12","DDS-3.15-pre13","DDS-3.15-pre14","DDS-3.15-pre15","DDS-3.15-pre16","DDS-3.15-pre17","DDS-3.15-pre18","DDS-3.15-pre19","DDS-3.15-pre2","DDS-3.15-pre20","DDS-3.15-pre21","DDS-3.15-pre22","DDS-3.15-pre23","DDS-3.15-pre24","DDS-3.15-pre3","DDS-3.15-pre4","DDS-3.15-pre5","DDS-3.15-pre6","DDS-3.15-pre7","DDS-3.15-pre8","DDS-3.15-pre9","DDS-3.16","DDS-3.16-pre21","DDS-3.17","DDS-3.17-pre1","DDS-3.17-pre13","DDS-3.17-pre14","DDS-3.17-pre15","DDS-3.17-pre16","DDS-3.17-pre17","DDS-3.17-pre18","DDS-3.17-pre19","DDS-3.17-pre2","DDS-3.17-pre20","DDS-3.17-pre21","DDS-3.17-pre22","DDS-3.17-pre23","DDS-3.17-pre24","DDS-3.17-pre4","DDS-3.17-pre5","DDS-3.17-pre7","DDS-3.18","DDS-3.18-pre1","DDS-3.7","DDS-3.8","DDS-3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38445.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}