Search criteria
12 vulnerabilities found for cyclone_data_distribution_service by eclipse
FKIE_CVE-2025-67109
Vulnerability from fkie_nvd - Published: 2025-12-23 16:16 - Updated: 2026-01-06 17:42
Severity ?
Summary
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | cyclone_data_distribution_service | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:cyclone_data_distribution_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EB0BE5-27E0-43D0-867B-498A670BE2F1",
"versionEndExcluding": "0.10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges."
}
],
"id": "CVE-2025-67109",
"lastModified": "2026-01-06T17:42:00.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-23T16:16:23.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://eclipse.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-298"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-10838
Vulnerability from fkie_nvd - Published: 2025-03-12 13:15 - Updated: 2025-07-31 16:33
Severity ?
Summary
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
References
| URL | Tags | ||
|---|---|---|---|
| emo@eclipse.org | https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5 | Patch | |
| emo@eclipse.org | https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42 | Exploit, Vendor Advisory | |
| emo@eclipse.org | https://gitlab.eclipse.org/security/cve-assignement/-/issues/46 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | cyclone_data_distribution_service | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:cyclone_data_distribution_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EB0BE5-27E0-43D0-867B-498A670BE2F1",
"versionEndExcluding": "0.10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros durante la deserializaci\u00f3n puede permitir que cualquier usuario no autenticado lea memoria del mont\u00f3n fuera de los l\u00edmites. Esto puede generar datos o punteros secretos que revelen la disposici\u00f3n del espacio de direcciones que se incluir\u00e1 en una estructura de datos deserializada, lo que podr\u00eda provocar fallos de subprocesos o denegaciones de servicio."
}
],
"id": "CVE-2024-10838",
"lastModified": "2025-07-31T16:33:56.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2025-03-12T13:15:36.060",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5"
},
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/46"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-18734
Vulnerability from fkie_nvd - Published: 2021-08-23 21:15 - Updated: 2024-11-21 05:08
Severity ?
Summary
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/eclipse-cyclonedds/cyclonedds | Third Party Advisory | |
| cve@mitre.org | https://github.com/eclipse-cyclonedds/cyclonedds/issues/476 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://projects.eclipse.org/projects/iot.cyclonedds | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-cyclonedds/cyclonedds | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-cyclonedds/cyclonedds/issues/476 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://projects.eclipse.org/projects/iot.cyclonedds | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | cyclone_data_distribution_service | 0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:cyclone_data_distribution_service:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96BD8433-9B4F-421D-9341-D58258BD7BFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
},
{
"lang": "es",
"value": "Un desbordamiento del buffer de pila en el archivo /ddsi/q_bitset.h de Eclipse IOT Cyclone DDS Project v0.1.0, causa que el servidor de suscriptores DDS se bloquee."
}
],
"id": "CVE-2020-18734",
"lastModified": "2024-11-21T05:08:45.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-23T21:15:09.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-18735
Vulnerability from fkie_nvd - Published: 2021-08-23 21:15 - Updated: 2024-11-21 05:08
Severity ?
Summary
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/eclipse-cyclonedds/cyclonedds | Third Party Advisory | |
| cve@mitre.org | https://github.com/eclipse-cyclonedds/cyclonedds/issues/501 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://projects.eclipse.org/projects/iot.cyclonedds | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-cyclonedds/cyclonedds | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-cyclonedds/cyclonedds/issues/501 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://projects.eclipse.org/projects/iot.cyclonedds | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | cyclone_data_distribution_service | 0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:cyclone_data_distribution_service:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96BD8433-9B4F-421D-9341-D58258BD7BFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer de la pila en el archivo/src/dds_stream.c de Eclipse IOT Cyclone DDS Project versi\u00f3n v0.1.0, causa que el servidor de suscriptores DDS se bloquee."
}
],
"id": "CVE-2020-18735",
"lastModified": "2024-11-21T05:08:45.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-23T21:15:09.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-67109 (GCVE-0-2025-67109)
Vulnerability from cvelistv5 – Published: 2025-12-23 00:00 – Updated: 2025-12-23 15:52
VLAI?
Summary
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
Severity ?
10 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T15:51:53.988848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-298",
"description": "CWE-298 Improper Validation of Certificate Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T15:52:46.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T15:12:19.258Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://eclipse.com"
},
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28"
},
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84"
},
{
"url": "https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67109",
"datePublished": "2025-12-23T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-23T15:52:46.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10838 (GCVE-0-2024-10838)
Vulnerability from cvelistv5 – Published: 2025-03-12 13:03 – Updated: 2025-03-12 13:34
VLAI?
Title
Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read
Summary
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
Severity ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Cyclone DDS |
Affected:
0 , < 0.10.5
(semver)
|
Credits
Robert Femmer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:34:01.056712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:34:12.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Cyclone DDS",
"repo": "https://github.com/eclipse-cyclonedds/cyclonedds",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "0.10.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Robert Femmer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions."
}
],
"value": "An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:03:47.747Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42"
},
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/46"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10838",
"datePublished": "2025-03-12T13:03:47.747Z",
"dateReserved": "2024-11-05T05:23:32.317Z",
"dateUpdated": "2025-03-12T13:34:12.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18735 (GCVE-0-2020-18735)
Vulnerability from cvelistv5 – Published: 2021-08-23 20:07 – Updated: 2024-08-04 14:08
VLAI?
Summary
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:29.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T20:07:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"name": "https://projects.eclipse.org/projects/iot.cyclonedds",
"refsource": "MISC",
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18735",
"datePublished": "2021-08-23T20:07:15",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:29.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18734 (GCVE-0-2020-18734)
Vulnerability from cvelistv5 – Published: 2021-08-23 20:07 – Updated: 2024-08-04 14:08
VLAI?
Summary
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:29.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T20:07:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"name": "https://projects.eclipse.org/projects/iot.cyclonedds",
"refsource": "MISC",
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18734",
"datePublished": "2021-08-23T20:07:14",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:29.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-67109 (GCVE-0-2025-67109)
Vulnerability from nvd – Published: 2025-12-23 00:00 – Updated: 2025-12-23 15:52
VLAI?
Summary
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
Severity ?
10 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T15:51:53.988848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-298",
"description": "CWE-298 Improper Validation of Certificate Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T15:52:46.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T15:12:19.258Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://eclipse.com"
},
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28"
},
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84"
},
{
"url": "https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67109",
"datePublished": "2025-12-23T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-23T15:52:46.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10838 (GCVE-0-2024-10838)
Vulnerability from nvd – Published: 2025-03-12 13:03 – Updated: 2025-03-12 13:34
VLAI?
Title
Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read
Summary
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
Severity ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Cyclone DDS |
Affected:
0 , < 0.10.5
(semver)
|
Credits
Robert Femmer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:34:01.056712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:34:12.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Cyclone DDS",
"repo": "https://github.com/eclipse-cyclonedds/cyclonedds",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "0.10.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Robert Femmer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions."
}
],
"value": "An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:03:47.747Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42"
},
{
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/46"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10838",
"datePublished": "2025-03-12T13:03:47.747Z",
"dateReserved": "2024-11-05T05:23:32.317Z",
"dateUpdated": "2025-03-12T13:34:12.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18735 (GCVE-0-2020-18735)
Vulnerability from nvd – Published: 2021-08-23 20:07 – Updated: 2024-08-04 14:08
VLAI?
Summary
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:29.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T20:07:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"name": "https://projects.eclipse.org/projects/iot.cyclonedds",
"refsource": "MISC",
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18735",
"datePublished": "2021-08-23T20:07:15",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:29.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18734 (GCVE-0-2020-18734)
Vulnerability from nvd – Published: 2021-08-23 20:07 – Updated: 2024-08-04 14:08
VLAI?
Summary
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:29.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T20:07:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476"
},
{
"name": "https://github.com/eclipse-cyclonedds/cyclonedds",
"refsource": "MISC",
"url": "https://github.com/eclipse-cyclonedds/cyclonedds"
},
{
"name": "https://projects.eclipse.org/projects/iot.cyclonedds",
"refsource": "MISC",
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18734",
"datePublished": "2021-08-23T20:07:14",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:29.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}