Vulnerability Description
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
CVSS Score
6.6
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Cyclonedds | < 0.8.0 |
Related Weaknesses (CWE)
References
- https://projects.eclipse.org/projects/iot.cycloneddsProduct
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02Third Party AdvisoryUS Government Resource
- https://projects.eclipse.org/projects/iot.cycloneddsProduct
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-38443?
CVE-2021-38443 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
How severe is CVE-2021-38443?
CVE-2021-38443 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38443?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Cyclonedds.