CVE-2024-26369
📋 TL;DR
A vulnerability in FastDDS's HistoryQosPolicy component causes a SIGABRT (abort signal) when receiving DataWriter data, leading to denial of service. This affects systems using FastDDS v2.6.x through v2.12.x for data distribution in real-time applications.
💻 Affected Systems
- FastDDS (eProsima Fast DDS)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption through repeated crashes, potentially affecting critical real-time systems like autonomous vehicles or industrial control.
Likely Case
Intermittent service interruptions and instability in DDS-based communication systems.
If Mitigated
Minimal impact with proper monitoring and restart mechanisms in place.
🎯 Exploit Status
Exploitation requires network access to DDS endpoints and knowledge of DDS protocol.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in FastDDS v2.13.0 and later versions
Vendor Advisory: https://github.com/eProsima/Fast-DDS/issues/4365
Restart Required: Yes
Instructions:
1. Update FastDDS to v2.13.0 or later.
2. Recompile applications using FastDDS.
3. Restart all FastDDS services.
🔧 Temporary Workarounds
Disable HistoryQosPolicy
- Avoid using HistoryQosPolicy in vulnerable configurations if possible.
- Modify the DDS QoS configuration to use different policies.
Network Segmentation
- Restrict access to DDS endpoints to trusted systems only.
- Configure firewall rules to limit DDS traffic (typically ports 7400-7410).
🧯 If You Can't Patch
- Implement monitoring for SIGABRT signals and automatic restart mechanisms.
- Isolate FastDDS systems in separate network segments with strict access controls.
🔍 How to Verify
Check if Vulnerable:
Check the FastDDS version: if using v2.6.x, v2.10.x, v2.11.x, or v2.12.x, the system is vulnerable.
Check Version:
Run fastdds --version, or check the package manager (e.g., dpkg -l | grep fastdds).
Verify Fix Applied:
Confirm FastDDS version is v2.13.0 or later and test DataWriter communication.
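As an added example, not from this advisory or the Fast DDS project, the POSIX shell snippet below turns the version check above into something an inventory script can run, treating v2.6.x through v2.12.x as affected and v2.13.0 or later as fixed, as the TL;DR states. The dpkg and CLI sample lines are constructed, and taking the first MAJOR.MINOR.PATCH token in the output as the installed version is an assumption.

```sh
#!/bin/sh
# Added example (not from the advisory or the Fast DDS project): classify a
# Fast DDS version string against the range this page lists as affected,
# 2.6.x through 2.12.x, fixed in 2.13.0. Assumption: the version can be pulled
# out of "fastdds --version" or dpkg output as the first MAJOR.MINOR.PATCH token.

# Exit status: 0 = affected, 1 = not in the affected range, 2 = unparseable.
fastdds_version_affected() {
  v="${1#v}"                      # tolerate a leading "v" as in "v2.12.1"
  case "$v" in
    [0-9]*.[0-9]*) ;;             # need at least MAJOR.MINOR
    *) return 2 ;;
  esac
  major="${v%%.*}"
  rest="${v#*.}"
  minor="${rest%%.*}"
  case "$major$minor" in
    *[!0-9]*) return 2 ;;         # e.g. "2.12a"
  esac
  if [ "$major" -eq 2 ] && [ "$minor" -ge 6 ] && [ "$minor" -le 12 ]; then
    return 0
  fi
  return 1
}

# Print the first MAJOR.MINOR.PATCH token in the given text (nothing if none).
fastdds_extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Map a raw tool/package output line to a one-word verdict for inventory scripts.
fastdds_verdict() {
  ver=$(fastdds_extract_version "$1")
  [ -n "$ver" ] || { echo "unknown"; return 0; }
  rc=0
  fastdds_version_affected "$ver" || rc=$?
  case $rc in
    0) echo "affected:$ver" ;;
    1) echo "fixed:$ver" ;;
    *) echo "unknown" ;;
  esac
}

# Constructed sample lines standing in for real command output.
SAMPLE_DPKG_LINE='ii  fastdds  2.11.2-1  amd64  eProsima Fast DDS'
SAMPLE_CLI_LINE='Fast DDS version 2.13.0'

if [ -n "${1:-}" ]; then          # optional: pass a captured output line as $1
  fastdds_verdict "$1"
fi
```

Feed it the captured line, for example fastdds_verdict "$(fastdds --version 2>/dev/null)", and act on the affected:/fixed:/unknown prefix.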
📡 Detection & Monitoring
Log Indicators:
- SIGABRT signals in system logs
- FastDDS process crashes
- Error messages related to HistoryQosPolicy
Network Indicators:
- Unusual DDS traffic patterns to DataWriter endpoints
- Repeated connection attempts to DDS ports
SIEM Query:
process_name:"fastdds" AND signal:"SIGABRT"