CVE-2021-38445 HIGH

CVE-2021-38445: OCI OpenDDS Secure Improper Handling of Length Parameter Inconsistency

Vendor OCI
Product OpenDDS
Weakness CWE-130
Published May 5, 2022
Last update April 16, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

OCI OpenDDS versions prior to 3.18.1 do not correctly handle a length parameter that is inconsistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.

Key dates

02 Disclosure timeline

May 5, 2022 CVE published
April 16, 2025 Record updated