CVE-2025-62600
Integer Overflow in Fast DDS DATA Submessage Causes Remote OOM
Publication date: 2026-02-03
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eprosima | fast_dds | to 2.6.11 (exc) |
| eprosima | fast_dds | From 3.0.0 (inc) to 3.3.1 (exc) |
| eprosima | fast_dds | 3.4.0 |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 12.0 |
| debian | debian_linux | 13.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Fast DDS, a C++ implementation of the DDS standard. When security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher can cause an Out-Of-Memory (OOM) condition. Specifically, tampering with the length field in the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields of the DATA Submessage leads to an integer overflow. This overflow causes the system to allocate excessive memory during a resize operation, resulting in the remote termination of Fast DDS.
The issue was fixed in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11.
How can this vulnerability impact me? :
Exploiting this vulnerability can cause Fast DDS to run out of memory and crash remotely. This leads to a denial of service condition where the affected system or application using Fast DDS may terminate unexpectedly, disrupting communication and data distribution services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Fast DDS to version 3.4.1 or later, where the issue has been fixed.
If upgrading immediately is not possible, consider disabling the security mode or avoiding modification of the DATA Submessage within SPDP packets, especially the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields, to prevent triggering the out-of-memory condition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know