CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.

High

mitza-oci published GHSA-8wvq-25f5-f8h4

Feb 1, 2023

**Affected versions**

< 3.23.1

**Description**

**Impact**

OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input.

**Patches**

Patched in Pull Requests #4010, #4016, #4018 and fixed in release 3.23.1

**Workarounds**

n/a

**References**

Section 15.4 of the OpenDDS Developer's Guide details Security Considerations for running internet-exposed OpenDDS applications.

**Severity**

**CVSS base metrics**

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Headline

CVE-2023-23932: Specially-crafted RTPS messages may cause an OpenDDS application to crash

CVE: Latest News