{"id":"CVE-2024-28231","summary":"Manipulated DATA Submessage causes a heap-buffer-overflow error","details":"eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.","aliases":["GHSA-9m2j-qw67-ph4w"],"modified":"2026-04-12T10:25:02.200956Z","published":"2024-03-20T20:03:18.402Z","database_specific":{"cwe_ids":["CWE-122"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28231.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28231.json"},{"type":"ADVISORY","url":"https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28231"},{"type":"FIX","url":"https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"0"},{"fixed":"77cfbe8a3a831ac525dbaf4c741743f65f3316c1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.8"}]}},{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"eaeb0f593ad61fe77cf105c7ebbac44b60a13934"},{"fixed":"3118cba80c7b0db2c9bd0ede8671e3d31785cbda"}],"database_specific":{"versions":[{"introduced":"2.7.0"},{"fixed":"2.10.4"}]}},{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"64700fcb9058c14e3c7aeee0ec130c47c9824917"},{"fixed":"092848725b8425e4f05a8ccf7b3b8d513fabf733"}],"database_specific":{"versions":[{"introduced":"2.11.0"},{"fixed":"2.12.2"}]}},{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"f633573e69e0552f5f0a48d5ed960a0782e2fea8"},{"fixed":"4c9252bd62d6761e13b63a6ef38d5c10b6a571c6"}],"database_specific":{"versions":[{"introduced":"2.13.0"},{"fixed":"2.13.4"}]}}],"versions":["2.0.0-beta","2.0.0-rc","Discovery-Time_Data_Typing","v1.0.0","v1.3.0","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.8.0-2","v1.9.0","v1.9.0-beta","v1.9.0-beta-2","v2.1.0","v2.2.0","v2.3.0-1","v2.3.0-api"],"database_specific":{"vanir_signatures_modified":"2026-04-12T10:25:02Z","vanir_signatures":[{"target":{"file":"src/cpp/rtps/participant/RTPSParticipantImpl.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["262956306831166481237303932868870361372","306604317174497932475465898607727697833","196513365605387483283372719964676140728","294552922959227129118208678759959282933","233002817893507405036982977419080917531","137118083659526854717517586406070424281"]},"deprecated":false,"signature_version":"v1","id":"CVE-2024-28231-725a5a7b","source":"https://github.com/eprosima/fast-dds/commit/3118cba80c7b0db2c9bd0ede8671e3d31785cbda"},{"target":{"file":"src/cpp/rtps/participant/RTPSParticipantImpl.cpp","function":"RTPSParticipantImpl::update_attributes"},"signature_type":"Function","digest":{"length":6264,"function_hash":"324427933685653720667523570866654147901"},"deprecated":false,"signature_version":"v1","id":"CVE-2024-28231-ecb73c2a","source":"https://github.com/eprosima/fast-dds/commit/3118cba80c7b0db2c9bd0ede8671e3d31785cbda"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28231.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}