Executive Summary

CVE-2025-67111 is an integer overflow vulnerability in the RTPS protocol implementation of OpenDDS versions before 3.33.0. It occurs due to an integer underflow when processing DATA-FRAG submessages. Specifically, if the parsed byte count exceeds the expected length, a negative value is cast to an unsigned type, resulting in a very large number. Attackers can craft DATA-FRAG submessages with smaller declared lengths but embed large amounts of data, causing this underflow. This leads to invalid memory access and program crashes. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can be exploited by attackers to cause a Denial of Service (DoS) by crashing the OpenDDS application through invalid memory access triggered by crafted messages. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for crashes or segmentation faults in OpenDDS processes handling RTPS protocol messages, especially when processing DATA-FRAG submessages. Detection may involve capturing and analyzing RTPS traffic for malformed DATA-FRAG submessages with inconsistent length fields. While no specific commands are provided, using packet capture tools like tcpdump or Wireshark to filter RTPS traffic and inspecting for suspicious DATA-FRAG submessages could help. Additionally, running the proof-of-concept code available at https://github.com/lkloliver/poc/tree/main/CVE-2025-67111 may assist in testing detection. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade OpenDDS to version 3.33.0 or later, where this integer overflow vulnerability in the RTPS protocol implementation has been fixed. Until the upgrade can be applied, consider restricting or filtering RTPS traffic from untrusted sources to reduce exposure to crafted DATA-FRAG submessages that exploit this flaw. [1]

Useful 0 Not Useful 0