CVE-2024-10838
8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Summary
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eclipse Foundation | Eclipse Cyclone DDS | 0 < 0.10.5 | affected |
Weaknesses
- CWE-191: CWE-191 Integer Underflow (Wrap or Wraparound)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42
- https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/46
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.