CVE-2024-10838
CRITICAL Eclipse Cyclone Data Distribution Service < 0.10.5 - Unauthenticated Integer Underflow via Deserialization
Title source: llmDescription
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data, or pointers revealing the layout of the address space, being included in a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
References (3)
Core 3
Core References
Exploit, Vendor Advisory
https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42
Issue Tracking, Vendor Advisory
https://gitlab.eclipse.org/security/cve-assignement/-/issues/46
Scores
CVSS v3
9.1
EPSS
0.0088
EPSS Percentile
54.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-191
Status
published
Products (1)
eclipse/cyclone_data_distribution_service
< 0.10.5
Published
Mar 12, 2025
Tracked Since
Feb 18, 2026