Objectcomputing: >> Opendds >> 2.4 Security Vulnerabilities
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-23
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-11
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-02-03
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure.
CVSS Score
6.6
EPSS Score
0.001
Published
2022-05-05
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
7.0
EPSS Score
0.007
Published
2022-05-05
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.
CVSS Score
8.6
EPSS Score
0.001
Published
2022-05-05