{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T17:01:29.594","vulnerabilities":[{"cve":{"id":"CVE-2025-62602","sourceIdentifier":"security-advisories@github.com","published":"2026-02-03T20:15:56.640","lastModified":"2026-02-18T16:12:00.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group\n). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an \nSPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields \nof `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampered with — specially  `readOctetVector`\n reads an unchecked `vecsize` that is propagated unchanged into `readData` as the `length` parameter — the attacker-contro\nlled `vecsize` can trigger a 32-bit integer overflow during the `length` calculation. That overflow can cause large alloca\ntion attempt that quickly leads to OOM, enabling a remotely-triggerable denial-of-service and remote process termination. \nVersions 3.4.1, 3.3.1, and 2.6.11 patch the issue."},{"lang":"es","value":"Fast DDS es una implementación en C++ del estándar DDS (Data Distribution Service) de la OMG (Object Management Group). Antes de las versiones 3.4.1, 3.3.1 y 2.6.11, cuando el modo de seguridad está habilitado, modificar el Submensaje DATA dentro de un paquete SPDP enviado por un publicador causa un desbordamiento de búfer de pila, lo que resulta en la terminación remota de Fast-DDS. Si los campos de `PID_IDENTITY_TOKEN` o `PID_PERMISSIONS_TOKEN` en el Submensaje DATA son manipulados — especialmente `readOctetVector` lee un `vecsize` no verificado que se propaga sin cambios a `readData` como el parámetro `length` — el `vecsize` controlado por el atacante puede desencadenar un desbordamiento de entero de 32 bits durante el cálculo de `length`. Ese desbordamiento puede causar un intento de asignación grande que rápidamente lleva a OOM, habilitando una denegación de servicio activable remotamente y la terminación remota del proceso. Las versiones 3.4.1, 3.3.1 y 2.6.11 corrigen el problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.11","matchCriteriaId":"8BAE40E0-6DFF-4878-9438-9C2488C9831C"},{"vulnerable":true,"criteria":"cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.3.1","matchCriteriaId":"94A01F76-524F-4A5B-A782-CC789F229136"},{"vulnerable":true,"criteria":"cpe:2.3:a:eprosima:fast_dds:3.4.0:*:*:*:*:*:*:*","matchCriteriaId":"D4452677-95AB-46F9-9B76-9F0B15E62261"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*","matchCriteriaId":"204FC6CC-9DAC-45FB-8A9F-C9C8EDD29D54"}]}]}],"references":[{"url":"https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-62602","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}