CVE-2023-50257: 
Linux Debian vulnerability analysis and mitigation

CVE-2023-50257 affects eProsima Fast DDS (formerly Fast RTPS), a C++ implementation of the Data Distribution Service standard. The vulnerability exists in versions prior to 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, dating back to the initial commit of the SecurityManager.cpp code on Nov 8, 2016 (GitHub Advisory).

The vulnerability stems from unencrypted data (p[UD]) and guid values used for node disconnection in RTPS packets, even when SROS2 security is applied. The issue exists in the SecurityManager's initialization and handshake process, where the SecurityManager::init function only executes once based on the Participant GUID when initially running the node (GitHub Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 9.6 CRITICAL with vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (NVD).

An attacker can forcibly disconnect a Subscriber and prevent it from reconnecting. When the attacker sends a disconnection packet (data(p[UD])) to the Global Data Space (239.255.0.1:7400) using a captured Publisher ID, all Subscribers connected to the Publisher will lose their connection and stop receiving data. Furthermore, continuous transmission of these disconnection packets prevents Subscribers from establishing new connections (GitHub Advisory).

The vulnerability has been patched in versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7. Users should upgrade to these or later versions to protect against this vulnerability (GitHub Advisory).