CVE-2023-39948
📋 TL;DR
This vulnerability in eprosima Fast DDS allows remote attackers to crash any Fast DDS process by triggering an uncaught BadParamException. It affects all systems running vulnerable versions of Fast DDS that process untrusted network data. The crash occurs due to improper exception handling in the Fast CDR component.
💻 Affected Systems
- eProsima Fast DDS
📦 What is this software?
Fast DDS by eProsima
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for any application using Fast DDS, potentially disrupting critical real-time data distribution systems in industrial, automotive, or aerospace environments.
Likely Case
Service disruption and application crashes requiring restart, leading to temporary loss of data distribution capabilities.
If Mitigated
Minimal impact with proper network segmentation and monitoring to detect and block malicious traffic patterns.
🎯 Exploit Status
Proof-of-concept network capture files are publicly available showing the crash trigger. The exploit requires sending specially crafted network packets to the Fast DDS service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.10.0 or 2.6.5
Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
Restart Required: Yes
Instructions:
1. Identify the current Fast DDS version.
2. Upgrade to version 2.10.0 or 2.6.5.
3. Recompile applications using Fast DDS with the updated library.
4. Restart all Fast DDS processes and dependent applications.
🔧 Temporary Workarounds
Network Segmentation
Linux: Restrict network access to Fast DDS services to trusted sources only. Fast DDS carries RTPS traffic over UDP by default and uses TCP only when the TCP transport is explicitly configured, so filter both. RTPS derives its port numbers from the domain and participant ids, so repeat the rules for every port the deployment actually uses.
iptables -A INPUT -p udp --dport [FAST_DDS_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p udp --dport [FAST_DDS_PORT] -j DROP
iptables -A INPUT -p tcp --dport [FAST_DDS_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [FAST_DDS_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit Fast DDS exposure to only trusted systems
- Deploy intrusion detection systems to monitor for the specific packet patterns shown in the PoC capture files
🔍 How to Verify
Check if Vulnerable:
Check the Fast DDS version linked by the application (ldd [application] | grep fastdds) or query the package manager for the installed version.
Check Version:
fastdds --version 2>/dev/null || dpkg -l | grep fastdds || rpm -qa | grep fastdds
Verify Fix Applied:
Confirm the version is 2.10.0 or later, or 2.6.5 or later on the 2.6 maintenance branch (2.7.x through 2.9.x are newer than 2.6.5 but still unpatched), and test with the known exploit packets in an isolated environment to verify that the service remains stable.
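The fix for this CVE landed on two branches (2.6.5 and 2.10.0), so a plain "newer than 2.6.5" comparison misclassifies 2.7.x through 2.9.x. The script below, added here as an illustration and not part of the page or of eProsima's tooling, pulls a version triple out of typical command output (the fastdds CLI, dpkg, or ldd) and applies the branch-aware rule. The sample output strings are constructed for the demonstration; run it against the real output of the commands listed above.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory: 2.6.5 on the 2.6 branch, 2.10.0 on mainline.
FIX_2_6: Version = (2, 6, 5)
FIX_MAIN: Version = (2, 10, 0)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return the first major.minor.patch triple found in arbitrary command output.

    Works for 'fastdds --version', dpkg/rpm listings and ldd lines such as
    'libfastrtps.so.2.10.1 => ...' because it searches for a full X.Y.Z triple.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_fixed(version: Version) -> bool:
    """True when the version carries the fix for CVE-2023-39948.

    2.6.x is fixed from 2.6.5; every other line is fixed from 2.10.0. A release
    such as 2.8.1 compares greater than 2.6.5 yet predates the mainline fix.
    """
    major, minor, _ = version
    if (major, minor) == (2, 6):
        return version >= FIX_2_6
    return version >= FIX_MAIN


def assess(text: str) -> str:
    """Classify command output as 'fixed', 'vulnerable' or 'unknown' (no version found)."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    return "fixed" if is_fixed(v) else "vulnerable"


# Constructed sample outputs, not captured from a real host.
SAMPLES = {
    "cli":   "fastdds 2.9.1",
    "dpkg":  "ii  libfastrtps2.6  2.6.4-2  amd64  eProsima Fast DDS library",
    "ldd":   "libfastrtps.so.2.10.1 => /usr/lib/x86_64-linux-gnu/libfastrtps.so.2.10.1",
    "lts":   "fastdds 2.6.5",
    "none":  "fastdds: command not found",
}


def assess_all(samples=SAMPLES) -> dict:
    """Run the check over every sample and return the verdict per source."""
    return {name: assess(out) for name, out in samples.items()}


if __name__ == "__main__":
    for name, verdict in assess_all().items():
        print(f"{name:5s} -> {verdict}")
```

Feed the function the real output of `fastdds --version`, the package manager query, or the `ldd` line for `libfastrtps`; an "unknown" verdict means no version triple was present in the text and the source should be checked by hand.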
📡 Detection & Monitoring
Log Indicators:
- Application crashes with BadParamException errors
- Unexpected Fast DDS process termination
- Core dumps from Fast DDS processes
Network Indicators:
- Unusual packet patterns matching the PoC capture
- Multiple connection attempts to Fast DDS ports from untrusted sources
SIEM Query:
source="fastdds.log" AND ("BadParamException" OR "segmentation fault" OR "core dumped")
🔗 References
- https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip
- https://github.com/eProsima/Fast-DDS/issues/3422
- https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
- https://www.debian.org/security/2023/dsa-5481