Browse all 3 CVE security advisories affecting OpenDDS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenDDS is an open-source Data-Centric Publish-Subscribe middleware primarily used for real-time communication in distributed systems, particularly in defense, aerospace, and medical domains. Historically, it has been susceptible to remote code execution vulnerabilities due to insecure deserialization and buffer overflows in message handling, along with cross-site scripting issues in web-based management interfaces. While no major public security incidents have been widely documented, the three recorded CVEs highlight potential risks in network-facing components. Its C++ implementation and lack of built-in encryption in core versions require additional hardening for production environments, making it essential for implementers to apply security patches and implement network segmentation.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-24012 | Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS — DDS | CWE-200 | 8.2 | High | 2025-01-09 |
| CVE-2023-37915 | Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS — OpenDDS | CWE-20 | 7.5 | High | 2023-07-21 |
| CVE-2023-23932 | Specially crafted RTPS message may cause an OpenDDS application to crash — OpenDDS | CWE-248 | 5.3 | Medium | 2023-02-03 |

This page lists every published CVE security advisory associated with OpenDDS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.