CVE-2021-38445

HIGH

OCI OpenDDS <3.18.1 - RCE

Title source: llm

Description

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02

[Product] https://opendds.org/

Scores

CVSS v3 7.0

EPSS 0.0070

EPSS Percentile 72.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-130

Status published

Products (1)

objectcomputing/opendds < 3.18.1

Published May 05, 2022

Tracked Since Feb 18, 2026