OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS).
#Freecol build queue series#
3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6-EIP Unit version of the built-in EtherNet/IP section Ver. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3 Unit version of the built-in EtherNet/IP section Ver. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition.
#Freecol build queue Patch#
Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.ĭenial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.Įprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. This can remotely crash any Fast-DDS process. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.Įprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.
This allows an attacker to port scan internal hosts and request information from internal hosts. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. This could allow an adversary to access some device files. The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b.
0 kommentar(er)
