CVE-2023-39946: 
Linux Debian vulnerability analysis and mitigation

eprosima Fast DDS, a C++ implementation of the Data Distribution Service standard, was found to contain a heap overflow vulnerability (CVE-2023-39946) prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6. The vulnerability was discovered in the PID_PROPERTY_LIST parameter handling where a CDR string with length larger than the actual content size could trigger a buffer overflow (GitHub Advisory).

The vulnerability exists in the eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper function where memcpy is called to copy the octet-ized length and then the data into properties_.data. Both the data and size parameters can be controlled by an attacker through the CDR string sent to the discovery multicast port. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (NVD).

This vulnerability can be exploited remotely to crash any Fast-DDS process, resulting in a denial of service condition. The attack can be triggered by sending specially crafted RTPS packets to the discovery multicast port (GitHub Advisory).

The vulnerability has been patched in versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6. Users are advised to upgrade to these or later versions. For Debian users, fixed versions are available in version 2.1.0+ds-9+deb11u1 for Debian 11 (bullseye) and version 2.9.1+ds-1+deb12u1 for Debian 12 (bookworm) (Debian Advisory).