Vulnerability Description
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Cyclone Data Distribution Service | < 0.10.5 |
Related Weaknesses (CWE)
References
- https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5Patch
- https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-wExploitVendor Advisory
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/46Issue TrackingVendor Advisory
FAQ
What is CVE-2024-10838?
CVE-2024-10838 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space...
How severe is CVE-2024-10838?
CVE-2024-10838 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-10838?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Cyclone Data Distribution Service.