CNNVD-202602-268 Information
CNNVD ID
CNNVD-202602-268
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Fast-DDS是eProsima开源的一个完整的DDS系统。 Fast-DDS 3.4.1之前版本、3.3.1之前版本和2.6.11之前版本存在输入验证错误漏洞,该漏洞源于修改DATA子消息中的PID_IDENTITY_TOKEN或PID_PERMISSIONS_TOKEN字段导致整数溢出,可能引发内存耗尽和远程进程终止。
Description (English)
Fast-DDS is a complete DDS system from the open source eProsima. Before Fast-DDS 3.4.1, before 3.3.1 and before 2.6.11, there was an input validation error loophole, which resulted from the correction of the PID IDENTY Token or PID PERMISSIONS TOKEN field in the DATA sub-message, resulting in an integer spill that could trigger memory depletion and the termination of remote processes.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
eProsima
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b https://security-tracker.debian.org/tracker/CVE-2025-64098 https://access.redhat.com/security/cve/cve-2025-64098
Patch
https://github.com/eProsima/Fast-DDS/releases
Share on: