CVE-2023-39949 HIGH

CVE-2023-39949: Improper validation of sequence numbers leading to remotely reachable assertion failure

Vendor eProsima
Product Fast-DDS
Weakness CWE-617
Published August 11, 2023
Last update February 13, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

eProsima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to a remotely reachable assertion failure, which lets a remote party crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.

Key dates

02 Disclosure timeline

August 11, 2023 CVE published
February 13, 2025 Record updated