CVE-2024-10838 HIGH

CVE-2024-10838: Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read

Vendor Eclipse Foundation
Product Eclipse Cyclone DDS
Weakness CWE-191
Published March 12, 2025
Last update March 12, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Attack requirements None
Privileges required None
User interaction None
Confidentiality Low
Integrity Low
Availability High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An integer underflow in the DDS_Security_Deserialize_ methods may allow any unauthenticated network peer to make the deserializer read heap memory out of bounds. Secret data, or pointers that reveal the layout of the address space, may then be copied into the deserialized data structure and leaked to the peer, and the out-of-bounds read may also crash the receiving thread, causing a denial of service.
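The bug class is easiest to see in code. The following is an added illustration written for this page, not code from Eclipse Cyclone DDS and not the actual vulnerable routine: it uses a constructed length-prefixed token format, and the functions `vuln_payload_len`, `safe_payload`, the header size `HDR_LEN` and the sample messages are all assumptions made for the example. The vulnerable variant checks that the declared length fits the buffer but subtracts the header size afterwards, so a declared length smaller than the header wraps to about 4 GiB (CWE-191); the hardened variant rejects such a length before doing the subtraction.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed wire format for this example (not the DDS Security format):
 *   bytes 0..3 : total message length, little-endian uint32, includes header
 *   bytes 4..7 : token tag
 *   bytes 8..  : payload, (total length - HDR_LEN) bytes                    */
#define HDR_LEN 8u

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern (hypothetical): the declared total is checked against the
 * buffer size, but the header size is subtracted only afterwards. A declared
 * total of 0..7 passes the check and the unsigned subtraction wraps.
 * The function returns the payload length the parser would hand to a
 * memcpy/field reader; the memory access itself is left out so that running
 * the demo on the bad message is safe. */
size_t vuln_payload_len(const uint8_t *msg, size_t msg_len) {
    if (msg_len < HDR_LEN) return 0;          /* header itself is present   */
    uint32_t declared = rd_le32(msg);
    if (declared > msg_len) return 0;         /* declared total fits buffer */
    return (size_t)(declared - HDR_LEN);      /* BUG: wraps if declared < 8 */
}

/* Hardened pattern: a declared total that cannot even hold the header is
 * rejected before any arithmetic. Returns 0 on success, -1 on malformed input. */
int safe_payload(const uint8_t *msg, size_t msg_len,
                 const uint8_t **payload, size_t *payload_len) {
    if (msg_len < HDR_LEN) return -1;
    uint32_t declared = rd_le32(msg);
    if (declared < HDR_LEN || declared > msg_len) return -1;
    *payload = msg + HDR_LEN;
    *payload_len = declared - HDR_LEN;        /* cannot underflow here      */
    return 0;
}

/* Constructed sample messages (12 bytes each, tag "TOKN"). */
static const uint8_t kGood[12] = { 12, 0, 0, 0, 'T', 'O', 'K', 'N', 'A', 'B', 'C', 'D' };
static const uint8_t kBad[12]  = {  4, 0, 0, 0, 'T', 'O', 'K', 'N', 'A', 'B', 'C', 'D' };

int main(void) {
    const uint8_t *p; size_t n;
    printf("vuln good: %zu\n", vuln_payload_len(kGood, sizeof kGood)); /* 4          */
    printf("vuln bad : %zu\n", vuln_payload_len(kBad, sizeof kBad));   /* 4294967292 */
    printf("safe good: %d\n", safe_payload(kGood, sizeof kGood, &p, &n));
    printf("safe bad : %d\n", safe_payload(kBad, sizeof kBad, &p, &n));  /* -1 */
    return 0;
}
```

Run on the bad message, the vulnerable parser computes a payload length of 4294967292 bytes for a 12-byte buffer, which is exactly the quantity a downstream copy or field reader would use to walk off the end of the heap allocation. The fix is not to clamp the result but to validate the declared length against the minimum the format requires before subtracting.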

Key dates

02 Disclosure timeline

March 12, 2025 CVE published
March 12, 2025 Record updated