Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read 漏洞信息(CVE-2024-10838)

一、漏洞 CVE-2024-10838 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read

来源：美国国家漏洞数据库 NVD

漏洞描述信息

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

整数下溢(超界折返)

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2024-10838 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2024-10838 的情报信息

https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42
https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5
https://gitlab.eclipse.org/security/cve-assignement/-/issues/46
https://nvd.nist.gov/vuln/detail/CVE-2024-10838

一、 漏洞 CVE-2024-10838 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2024-10838 的公开POC

三、漏洞 CVE-2024-10838 的情报信息

一、漏洞 CVE-2024-10838 基础信息