CVE-2023-50716 Information

Description

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the Inline_qos SerializedPayload member of object ch will attempt to release memory without initialization, resulting in a ‘bad-free’ error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.

Reference

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h
