CNNVD-202602-307 Information
CNNVD ID
CNNVD-202602-307
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Fast-DDS是eProsima开源的一个完整的DDS系统。 Fast-DDS 3.4.1之前版本、3.3.1之前版本和2.6.11之前版本存在输入验证错误漏洞,该漏洞源于修改DATA子消息中的PID_IDENTITY_TOKEN或PID_PERMISSION_TOKEN字段长度导致整数溢出,可能引发内存耗尽和远程进程终止。
Description (English)
Fast-DDS is a complete DDS system from the open source eProsima. Before Fast-DDS 3.4.1, before 3.3.1 and before 2.6.11, there was an input validation error loophole, which resulted from changes to the PID IDENTY TOKEN or PID PERMISSION TOKEN field lengths in DATA sub-messages, leading to integer spills that could trigger memory depletion and the termination of remote processes.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
eProsima
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a https://security-tracker.debian.org/tracker/CVE-2025-62600 https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b https://access.redhat.com/security/cve/cve-2025-62600
Patch
https://github.com/eProsima/Fast-DDS/releases
Share on: