CVE-2024-10838
CRITICAL
Eclipse Cyclone Data Distribution Service < 0.10.5 - Integer Underflow
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data, or pointers revealing the layout of the address space, being included in a deserialized data structure, which may potentially lead to thread crashes or cause denial-of-service conditions.
Scores
CVSS v3: 9.1
EPSS: 0.0067
EPSS Percentile: 71.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial

Details
CWE: CWE-191
Status: published
Products (1): eclipse/cyclone_data_distribution_service < 0.10.5
Published: Mar 12, 2025
Tracked Since: Feb 18, 2026