CVE-2021-38441

Summary

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

Affected Software

VendorProductVersion RangeStatus
EclipseCycloneDDSunspecified < 0.8.0affected

Weaknesses

  • CWE-123: CWE-123 Write-what-where Condition

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References