CVE-2023-50716
📋 TL;DR
CVE-2023-50716 is a use-after-free vulnerability in eProsima Fast DDS that allows remote attackers to crash the Fast-DDS process by sending specially crafted DATA_FRAG packets. This affects all systems running vulnerable versions of Fast DDS, particularly those in industrial control, automotive, and robotics applications using DDS for real-time communication.
💻 Affected Systems
- eProsima Fast DDS
- eProsima Fast RTPS
📦 What is this software?
Fast DDS by eProsima
⚠️ Risk & Real-World Impact
Worst Case
Remote denial of service causing critical system failure in safety-critical applications like autonomous vehicles or industrial control systems, potentially leading to physical damage or safety incidents.
Likely Case
Remote process termination leading to service disruption, data loss, and potential cascading failures in distributed systems.
If Mitigated
Limited impact with proper network segmentation and monitoring, though service disruption may still occur.
🎯 Exploit Status
The advisory provides technical details but no public exploit code. The vulnerability is straightforward to exploit by sending malformed DATA_FRAG packets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.13.0, 2.12.2, 2.11.3, 2.10.3, or 2.6.7
Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h
Restart Required: Yes
Instructions:
1. Identify current Fast DDS version.
2. Upgrade to patched version matching your major version.
3. Recompile applications using Fast DDS.
4. Restart all Fast DDS processes and dependent applications.
🔧 Temporary Workarounds
Network Segmentation
Restrict Fast DDS traffic to trusted networks only using firewalls or network policies.
Traffic Filtering
Implement network filtering to block or inspect DATA_FRAG packets using IDS/IPS or custom filters.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Fast DDS traffic from untrusted networks
- Deploy intrusion detection systems to monitor for malformed DATA_FRAG packets and alert on exploitation attempts
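A custom filter or IDS hook of the kind described above can start from a structural check of every DATA_FRAG submessage in a captured RTPS datagram. The Python below is an added example, not code from eProsima or the advisory: it applies general consistency rules for the DATA_FRAG wire layout (assumed here from the RTPS specification), because this page does not say which field triggers the bug. The names `inspect`, `frag_problems` and `make_datagram` are hypothetical, and the datagrams are constructed.

```python
import struct

DATA_FRAG = 0x16  # RTPS submessage id for DATA_FRAG

def frag_problems(body, end, flags):
    """Sanity-check one DATA_FRAG body; returns a list of reasons (empty = consistent)."""
    if len(body) < 32:
        return ["shorter than the fixed DATA_FRAG fields"]
    (_x, to_qos, _rd, _wr, sn_hi, sn_lo, start, count, fsize, ssize) = \
        struct.unpack_from(end + "HH4s4siIIHHI", body)
    out = []
    if (sn_hi << 32 | sn_lo) <= 0:
        out.append("writerSN not positive")
    if fsize == 0 or fsize > ssize:
        out.append("fragmentSize zero or larger than sampleSize")
    else:
        total = -(-ssize // fsize)           # fragments needed for the whole sample
        if start < 1 or count < 1 or start + count - 1 > total:
            out.append("fragment range outside sample")
    if to_qos < 28 or 4 + to_qos > len(body):
        out.append("octetsToInlineQos inconsistent")
    elif not flags & 0x02 and len(body) - 4 - to_qos > count * fsize:
        out.append("payload larger than fragmentsInSubmessage * fragmentSize")
    return out                               # payload check skipped when inline QoS is present

def inspect(msg):
    """Walk an RTPS datagram; return [(offset, reason)] for suspect DATA_FRAGs."""
    if len(msg) < 20 or msg[:4] != b"RTPS":
        return [(0, "not an RTPS message")]
    found, off = [], 20                      # 20-byte RTPS header
    while off + 4 <= len(msg):
        sub_id, flags = msg[off], msg[off + 1]
        end = "<" if flags & 0x01 else ">"   # E flag selects byte order
        (length,) = struct.unpack_from(end + "H", msg, off + 2)
        if length == 0 and sub_id not in (0x01, 0x09):  # not PAD / INFO_TS
            length = len(msg) - off - 4      # last submessage runs to the end
        nxt = off + 4 + length
        if nxt > len(msg):
            return found + [(off, "submessage length runs past datagram")]
        if sub_id == DATA_FRAG:
            found += [(off, r) for r in frag_problems(msg[off + 4:nxt], end, flags)]
        off = nxt
    return found

def make_datagram(start, count, fsize, ssize, payload):  # constructed sample input
    body = struct.pack("<HH4s4siIIHHI", 0, 28, b"\0" * 4, b"\0\0\x01\x03", 0, 1,
                       start, count, fsize, ssize) + payload
    hdr = b"RTPS\x02\x03\x00\x00" + bytes(12)
    return hdr + struct.pack("<BBH", DATA_FRAG, 0x01, len(body)) + body
```

Feed `inspect` the UDP payload of each packet seen on the DDS ports; any non-empty result is a candidate for alerting or dropping at the filter.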
🔍 How to Verify
Check if Vulnerable:
Check Fast DDS version against affected versions. Review application logs for 'bad-free' errors or process crashes.
Check Version:
Check build configuration or use 'fastdds --version' if available. For embedded systems, check build manifests or configuration files.
Verify Fix Applied:
Verify Fast DDS version is 2.13.0, 2.12.2, 2.11.3, 2.10.3, or 2.6.7. Test with valid DATA_FRAG traffic to ensure stability.
📡 Detection & Monitoring
Log Indicators:
- Process crashes
- 'bad-free' error messages
- Unexpected Fast DDS process termination
- Memory corruption warnings
Network Indicators:
- Malformed DATA_FRAG packets
- Unusual packet patterns to DDS ports (typically 7400-7410)
- Traffic from unexpected sources to DDS services
SIEM Query:
source="fastdds.log" AND ("bad-free" OR "segmentation fault" OR "process terminated")