{“lastseen”:””,”description”:”Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group\\n). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un\\nauthenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` are craft\\ned to violate internal assumptions. Due to a 4-byte alignment step during fragment metadata initialization, the code write\\ns past the end of the allocated payload buffer, causing immediate crash (DoS) and potentially enabling memory corruption (\\nRCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.”,”published”:”2026-02-03T19:26:22.397Z”,”modified”:”2026-02-03T19:26:22.397Z”,”type”:”cve”,”title”:”FastDDS’s heap buffer overflow in RTPS DATA_FRAG enables unauthenticated DoS (potential RCE)”,”source”:”GitHub_M”,”references”:”https:\/\/security-tracker.debian.org\/tracker\/CVE-2025-62799\\nhttps:\/\/github.com\/eProsima\/Fast-DDS\/commit\/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659\\nhttps:\/\/github.com\/eProsima\/Fast-DDS\/commit\/0c3824ef4991628de5dfba240669dc6172d63b46\\nhttps:\/\/github.com\/eProsima\/Fast-DDS\/commit\/955c8a15899dc6eb409e080fe7dc89e142d5a514″,”id”:”CVE-2025-62799″,”bulletinFamily”:””,”cwe”:[“CWE-122″],”cvelist”:null,”sourceData”:”eProsima Fast-DDS 3.4.0\\neProsima Fast-DDS 3.0.0\\neProsima Fast-DDS 0″,”sourceHref”:””,”cvss”:{“score”:7.2,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N\/E:U”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Fast-DDS”,”version”:”3.4.0″,”vendor”:”eProsima”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group\\n). Prior to versions 3.4.1, 3.3.1, and…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,39,12,15,13,7,11,5],"class_list":["post-38837","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-72","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n