Login Sign Up

CVE-2021-38425

7.5 HIGH
Denial of Service

📋 TL;DR

CVE-2021-38425 is a vulnerability in eProsima Fast DDS that allows attackers to send specially crafted packets to flood target devices with unwanted traffic. This can cause denial-of-service conditions and potentially expose sensitive information. Organizations using Fast DDS versions prior to 2.4.0 in industrial control systems or IoT deployments are affected.

💻 Affected Systems

Products:
  • eProsima Fast DDS
Versions: All versions prior to 2.4.0
Operating Systems: All platforms running Fast DDS
Default Config Vulnerable: ⚠️ Yes
Notes: Industrial control systems and IoT devices using Fast DDS for data distribution are particularly vulnerable.

📦 What is this software?

Fast Dds by Eprosima

View all CVEs affecting Fast Dds →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system unavailability due to resource exhaustion, potential information disclosure through memory leaks, and disruption of critical industrial processes.

🟠

Likely Case

Service degradation or temporary denial-of-service affecting data distribution functionality in affected systems.

🟢

If Mitigated

Minimal impact with proper network segmentation, rate limiting, and updated software.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication via network packets.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted network packets to vulnerable Fast DDS instances.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.0

Vendor Advisory: https://github.com/eProsima/Fast-DDS

Restart Required: Yes

Instructions:

1. Update Fast DDS to version 2.4.0 or later. 2. Recompile applications using Fast DDS with the updated library. 3. Restart all services using Fast DDS.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Fast DDS instances from untrusted networks using firewalls or network segmentation.

Rate Limiting

all

Implement network rate limiting to restrict packet flooding attempts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit which systems can communicate with Fast DDS instances.
  • Deploy intrusion detection systems to monitor for packet flooding patterns and anomalous traffic.

🔍 How to Verify

Check if Vulnerable:

Check Fast DDS version using the application's version command or by examining linked libraries.

Check Version:

Check application documentation for version command or use: ldd <application> | grep fastrtps

Verify Fix Applied:

Verify Fast DDS version is 2.4.0 or later and monitor for packet flooding attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual increase in packet processing errors
  • Resource exhaustion warnings
  • High CPU/memory usage by Fast DDS processes

Network Indicators:

  • Sudden spikes in network traffic to Fast DDS ports
  • Unusual packet patterns from single sources
  • TCP/UDP flood patterns

SIEM Query:

source_port:7400 OR dest_port:7400 AND (bytes > 1000000 OR packets > 1000) WITHIN 1 MINUTE

📊 Metadata

CVE ID: CVE-2021-38425
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-406
Published: May 5, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-38425, you might also want to check these:

CVE-2021-38135 8.6

CVE-2021-38135 is an External Service Interaction vulnerability in OpenText iManager that allows att...

Same vulnerability type (CWE-406)
CVE-2021-38487 8.2

This vulnerability in RTI Connext Professional and Micro allows attackers to send specially crafted ...

Same vulnerability type (CWE-406)
CVE-2023-28456 7.5

CVE-2023-28456 is a DNS amplification vulnerability in Technitium DNS Server that allows attackers t...

Same vulnerability type (CWE-406)