CVE-2025-64098— Fast-DDS 输入验证错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-64098の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is enabled
ソース: NVD (National Vulnerability Database)
脆弱性説明
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampered with — specifically by ta mpering with the the `vecsize` value read by `readOctetVector` — a 32-bit integer overflow can occur, causing `std::vector ::resize` to request an attacker-controlled size and quickly trigger OOM and remote process termination. Versions 3.4.1, 3 .3.1, and 2.6.11 patch the issue.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
跨界内存读
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Fast-DDS 输入验证错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Fast-DDS是eProsima开源的一个完整的DDS系统。 Fast-DDS 3.4.1之前版本、3.3.1之前版本和2.6.11之前版本存在输入验证错误漏洞,该漏洞源于修改DATA子消息中的PID_IDENTITY_TOKEN或PID_PERMISSIONS_TOKEN字段导致整数溢出,可能引发内存耗尽和远程进程终止。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2025-64098の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-64098のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · eProsima · 2026-02-03 · 8 CVEs total
| CVE-2025-62599 | 8.6 HIGH | eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submes |
| CVE-2025-62600 | 8.6 HIGH | eprosima Fast DDS affected by Out-of-Memory in readBinaryPropertySeq via Manipulated DATA |
| CVE-2025-62799 | FastDDS's heap buffer overflow in RTPS DATA_FRAG enables unauthenticated DoS (potential RC | |
| CVE-2025-62602 | FastDDS has heap buffer overflow in readData via Manipulated DATA Submessage when DDS Secu | |
| CVE-2025-62601 | FastDDS has heap buffer overflow in readString via Manipulated DATA Submessage when DDS Se | |
| CVE-2025-62603 | FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled | |
| CVE-2025-64438 | Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS |
IV. 関連脆弱性
同じ製品: Fast-DDS
- CVE-2025-64438
Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABL - CVE-2025-62799
FastDDS's heap buffer overflow in RTPS DATA_FRAG enables una - CVE-2025-62603
FastDDS has Out-of-memory while parsing GenericMessage when - CVE-2025-62602
FastDDS has heap buffer overflow in readData via Manipulated - CVE-2025-62601
FastDDS has heap buffer overflow in readString via Manipulat
同じベンダー: eProsima
- CVE-2025-64438
Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABL - CVE-2025-62799
FastDDS's heap buffer overflow in RTPS DATA_FRAG enables una - CVE-2025-62603
FastDDS has Out-of-memory while parsing GenericMessage when - CVE-2025-62602
FastDDS has heap buffer overflow in readData via Manipulated - CVE-2025-62601
FastDDS has heap buffer overflow in readString via Manipulat
同じ弱点: CWE-125
- CVE-2026-8177
XML::LibXML versions through 2.0210 for Perl read out-of-bou - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-7258
Out-of-bounds read in urldecode() on NetBSD - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-3508
ASUS System Control Interface 缓冲区错误漏洞
V. CVE-2025-64098へのコメント
まだコメントはありません