vulnerability

Debian: CVE-2023-50716: fastdds -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:A/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 6, 2024

Added

May 15, 2025

Modified

Mar 30, 2026

Description

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.

Solution

no-fix-debian-deb-package

References

CVE-2023-50716
https://attackerkb.com/topics/CVE-2023-50716
CWE-416
EUVD-EUVD-2023-55487
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-55487

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report