CVE-2023-52427

7.5 HIGH

📋 TL;DR

OpenDDS versions through 3.27 contain a vulnerability where configuring a DataWriter with an excessively large resource_limits.max_samples value causes a segmentation fault. This affects systems using OpenDDS for data distribution where untrusted configuration inputs are possible. The vendor states this is expected behavior when memory limits are exceeded.

💻 Affected Systems

Products:
  • OpenDDS
Versions: through 3.27
Operating Systems: All platforms running OpenDDS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when resource_limits.max_samples is set to a value too large for available system memory. Default configurations are not vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service causing application crashes and service disruption in critical systems using OpenDDS for real-time data distribution.

🟠

Likely Case

Accidental or misconfigured max_samples values causing application instability and crashes in development or production environments.

🟢

If Mitigated

Minimal impact with proper input validation and memory monitoring preventing excessive max_samples values.

🌐 Internet-Facing: MEDIUM - Requires specific OpenDDS configuration manipulation which may be possible through exposed interfaces.
🏢 Internal Only: MEDIUM - Internal systems could be affected by misconfiguration or malicious insiders manipulating OpenDDS settings.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to modify OpenDDS configuration parameters, typically requiring some level of access or configuration control.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://github.com/OpenDDS/OpenDDS/issues/4388

Restart Required: No

Instructions:

No official patch. The vendor considers this expected behavior. Implement workarounds and proper configuration validation.

🔧 Temporary Workarounds

Validate max_samples Configuration

Platform: all

Implement input validation to ensure resource_limits.max_samples values are reasonable for available system memory

# Implement in application code: validate max_samples < (available_memory / sample_size)
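The check above, written out as an added C++ example (it is not code from this advisory or from the OpenDDS project): a requested resource_limits.max_samples value is bounded by a per-writer memory budget before it is applied to the DataWriter QoS. The names SampleBudget, max_samples_for and validate_max_samples are this example's own; available_bytes and sample_bytes are assumed to be supplied by the caller (measured free memory and the worst-case serialized sample size for the type). The limit is derived by division rather than by multiplying requested by sample_size, so the validation itself cannot overflow on a huge request, and DDS's LENGTH_UNLIMITED (-1) is handled explicitly instead of being passed through.

```cpp
// Added example, not OpenDDS project code: bound a requested
// resource_limits.max_samples by a per-writer memory budget before the
// value is handed to the DataWriter QoS. All names below are this
// example's own.
#include <cstdint>
#include <cstdio>
#include <limits>

// DDS uses LENGTH_UNLIMITED (-1) for "no limit"; an unlimited request is
// treated as a request for the whole budget, never passed through as-is.
constexpr std::int64_t kLengthUnlimited = -1;

struct SampleBudget {
    std::uint64_t available_bytes;  // memory this writer may draw on (assumed measured by the caller)
    std::uint64_t sample_bytes;     // worst-case serialized size of one sample (assumed known for the type)
    double        fraction;         // share of available_bytes one writer may take, in (0, 1]
};

enum class Verdict { Accepted, Clamped, Rejected };
struct Result {
    Verdict      verdict;
    std::int32_t max_samples;  // value that is safe to apply (0 when rejected)
};

// Largest max_samples that fits the budget. Computed by division so the
// check itself cannot overflow the way `requested * sample_bytes` would.
std::int32_t max_samples_for(const SampleBudget& b) {
    if (b.sample_bytes == 0 || b.fraction <= 0.0) return 0;
    const double share = b.fraction > 1.0 ? 1.0 : b.fraction;
    const std::uint64_t budget =
        static_cast<std::uint64_t>(static_cast<double>(b.available_bytes) * share);
    const std::uint64_t fit = budget / b.sample_bytes;
    const std::uint64_t cap =
        static_cast<std::uint64_t>(std::numeric_limits<std::int32_t>::max());
    return static_cast<std::int32_t>(fit > cap ? cap : fit);
}

// Validate a configured value. With clamp=true an oversized or unlimited
// request is reduced to the budget instead of being refused outright.
Result validate_max_samples(std::int64_t requested, const SampleBudget& b, bool clamp) {
    const std::int32_t limit = max_samples_for(b);
    if (limit <= 0) return {Verdict::Rejected, 0};  // no usable budget at all
    if (requested == 0 || requested < kLengthUnlimited) {
        return {Verdict::Rejected, 0};              // nonsensical value
    }
    if (requested == kLengthUnlimited || requested > limit) {
        return clamp ? Result{Verdict::Clamped, limit} : Result{Verdict::Rejected, 0};
    }
    return {Verdict::Accepted, static_cast<std::int32_t>(requested)};
}

int main() {
    // Constructed budget: 1 GiB available, 1 KiB samples, one writer may use a quarter.
    const SampleBudget budget{1ULL << 30, 1024, 0.25};
    const std::int64_t requests[] = {1000, 2000000000LL, kLengthUnlimited, 0};
    for (std::int64_t r : requests) {
        const Result res = validate_max_samples(r, budget, /*clamp=*/true);
        const char* v = res.verdict == Verdict::Accepted ? "accepted"
                      : res.verdict == Verdict::Clamped  ? "clamped" : "rejected";
        std::printf("requested %lld -> %s (%d)\n",
                    static_cast<long long>(r), v, res.max_samples);
    }
    return 0;
}
```

With the constructed budget the limit is 262144 samples: a request of 1000 is accepted, 2000000000 and LENGTH_UNLIMITED are clamped to 262144 (or rejected when clamp is false), and 0 is rejected. Whether to clamp or reject is a deployment decision; rejecting with a logged error is the safer default where the configuration comes from an untrusted source.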

Memory Monitoring and Limits

Platform: linux

Set system memory limits and monitor OpenDDS processes for abnormal memory consumption

# Use ulimit on Linux: ulimit -v [memory_limit_in_kb]
# Use cgroups or container memory limits

🧯 If You Can't Patch

  • Implement strict configuration validation for all OpenDDS DataWriter configurations
  • Monitor system logs for segmentation faults and implement automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check OpenDDS version and review configuration files for resource_limits.max_samples settings that exceed available memory

Check Version:

opendds_info --version or check build configuration

Verify Fix Applied:

Verify configuration validation is implemented and test with intentionally large max_samples values to ensure graceful handling

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • Core dumps from OpenDDS processes
  • Memory allocation failure messages

Network Indicators:

  • Sudden termination of DDS communications
  • Missing heartbeat or discovery messages

SIEM Query:

process.name:"opendds" AND (event.type:"segmentation_fault" OR event.type:"core_dump")
