CVE-2021-38445

OCI OpenDDS Secure Improper Handling of Length Parameter Inconsistency

CVSS 7 HIGH · EPSS 2.5% · CWE-130
In short

OCI OpenDDS versions before 3.18.1 do not correctly handle a length parameter that is inconsistent with the actual size of the associated data, which may allow an attacker to execute arbitrary code remotely on affected systems.

Technical detail

The vulnerability stems from improper handling of a length parameter that is inconsistent with the actual data (CWE-130). An attacker who sends specially crafted messages with inconsistent length values may be able to achieve remote code execution. Per the CVSS vector, the attack is carried out over the network and requires no authentication or user interaction (AV:N/PR:N/UI:N), but attack complexity is rated high (AC:H).

Summary generated and translated by AI from the official description.
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected products
OCI · OpenDDS
