CVE-2024-28231

CRITICAL

eprosima Fast DDS < 2.6.8 - Heap-based Buffer Overflow via DATA Submessage

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-28231. PoCs published by grimmmbo.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2024-28231, a heap buffer overflow vulnerability in Fast RTPS version 2.10.3. The exploit triggers a denial-of-service (DoS) by manipulating RTPS packets to overflow the heap, targeting ROS2 Iron subscribers.

Description

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.

Exploits (1)

nomisec WORKING POC

by grimmmbo · poc

https://github.com/grimmmbo/ros2_CVE-2024-28231

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2024-28231, a heap buffer overflow vulnerability in Fast RTPS version 2.10.3. The exploit triggers a denial-of-service (DoS) by manipulating RTPS packets to overflow the heap, targeting ROS2 Iron subscribers.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Fast RTPS 2.10.3 (ROS2 Iron)

No auth needed

Prerequisites: ROS2 Iron with Fast RTPS 2.10.3 · Active publisher and subscriber on different IPs · Topic with variable-length message types (e.g., std_msgs/Float32MultiArray)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w

Patch x_refsource_misc

https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b

View Patch ZIP pw:eip

Scores

CVSS v3 9.6

EPSS 0.0094

EPSS Percentile 56.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-122 CWE-787

Status published

Products (1)

eprosima/fast_dds < 2.6.8

Published Mar 20, 2024

Tracked Since Feb 18, 2026