{"id":"CVE-2024-30259","summary":"FastDDS heap buffer overflow when publisher sends malformed packet","details":"FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.\n","aliases":["GHSA-qcj9-939p-p662"],"modified":"2026-04-12T09:49:32.826178Z","published":"2024-05-13T14:45:28.134Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30259.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-120","CWE-122"]},"references":[{"type":"WEB","url":"https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing"},{"type":"WEB","url":"https://vimeo.com/907641887?share=copy"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30259.json"},{"type":"ADVISORY","url":"https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30259"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"0"},{"last_affected":"4c2016660e7d6a6e94970e1a2b4dcd8e47f21581"},{"fixed":"77cfbe8a3a831ac525dbaf4c741743f65f3316c1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"= 2.14.0"},{"fixed":"2.6.8"}]}},{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"f633573e69e0552f5f0a48d5ed960a0782e2fea8"},{"fixed":"f376f7eb3758ec523fed0519e84e768233668b25"}],"database_specific":{"versions":[{"introduced":"2.13.0"},{"fixed":"2.13.5"}]}},{"type":"GIT","repo":"https://github.com/eprosima/fast-dds","events":[{"introduced":"463d59ca81c7fd732edf45b982a58c0b54fc1da4"},{"fixed":"3118cba80c7b0db2c9bd0ede8671e3d31785cbda"}],"database_specific":{"versions":[{"introduced":"2.10.0"},{"fixed":"2.10.4"}]}}],"versions":["2.0.0-beta","2.0.0-rc","Discovery-Time_Data_Typing","v1.0.0","v1.3.0","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.8.0-2","v1.9.0","v1.9.0-beta","v1.9.0-beta-2","v2.1.0","v2.10.0-rc1","v2.10.1-rc1","v2.14.0","v2.2.0","v2.3.0-1","v2.3.0-api"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/cpp/rtps/participant/RTPSParticipantImpl.cpp"},"signature_version":"v1","deprecated":false,"signature_type":"Line","source":"https://github.com/eprosima/fast-dds/commit/3118cba80c7b0db2c9bd0ede8671e3d31785cbda","digest":{"threshold":0.9,"line_hashes":["262956306831166481237303932868870361372","306604317174497932475465898607727697833","196513365605387483283372719964676140728","294552922959227129118208678759959282933","233002817893507405036982977419080917531","137118083659526854717517586406070424281"]},"id":"CVE-2024-30259-725a5a7b"},{"target":{"function":"RTPSParticipantImpl::update_attributes","file":"src/cpp/rtps/participant/RTPSParticipantImpl.cpp"},"signature_version":"v1","deprecated":false,"signature_type":"Function","source":"https://github.com/eprosima/fast-dds/commit/3118cba80c7b0db2c9bd0ede8671e3d31785cbda","digest":{"length":6264,"function_hash":"324427933685653720667523570866654147901"},"id":"CVE-2024-30259-ecb73c2a"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30259.json","vanir_signatures_modified":"2026-04-12T09:49:32Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}