CVE-2023-39949
HIGH
eProsima Fast DDS 2.6.0-2.6.4 - Reachable Assertion via Improper Sequence Number Validation
Title source: llm
Description
eProsima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to a remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.
References (4)
Core References
Third Party Advisory
https://www.debian.org/security/2023/dsa-5481
Third Party Advisory x_refsource_confirm
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg
Third Party Advisory x_refsource_misc
https://github.com/eProsima/Fast-DDS/issues/3236
Third Party Advisory x_refsource_misc
https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059
Scores
CVSS v3
7.5
EPSS
0.0089
EPSS Percentile
54.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-617
Status
published
Products (4)
debian/debian_linux
11.0
debian/debian_linux
12.0
eprosima/fast_dds
2.9.0
eprosima/fast_dds
2.6.0 - 2.6.5
Published
Aug 11, 2023
Tracked Since
Feb 18, 2026