CVE-2025-64098
Integer Overflow in Fast DDS DATA Submessage Causes Remote OOM
Publication date: 2026-02-03
Last updated on: 2026-02-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| debian | debian_linux | 11.0 |
| debian | debian_linux | 12.0 |
| debian | debian_linux | 13.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Fast DDS, a C++ implementation of the Data Distribution Service (DDS) standard. When security mode is enabled, an attacker can modify the DATA Submessage within an SPDP packet sent by a publisher. Specifically, tampering with the fields PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN, and manipulating the vecsize value read by readOctetVector, can cause a 32-bit integer overflow.
This overflow leads to std::vector::resize requesting an attacker-controlled size, which quickly triggers an Out-Of-Memory (OOM) condition and causes the remote termination of the Fast DDS process.
The issue is fixed in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11.
How can this vulnerability impact me? :
This vulnerability can cause a denial of service by remotely terminating the Fast DDS process through an Out-Of-Memory condition triggered by an attacker.
Such termination can disrupt communication and data distribution services relying on Fast DDS, potentially impacting applications or systems that depend on it for real-time data exchange.
The overall impact is considered minor based on Debian Security Advisories and bug reports.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves tampering with the DATA Submessage within an SPDP packet sent by a publisher in Fast DDS, causing an Out-Of-Memory condition. Detection would require monitoring network traffic for malformed SPDP packets or unusual memory usage patterns in Fast DDS processes.
Specific commands or tools to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Fast DDS to version 3.4.1 or later, where the vulnerability has been patched.
Until the patched version is deployed, monitor and restrict network access to Fast DDS services to reduce exposure to potentially malicious SPDP packets.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
There is no information provided in the available context or resources regarding how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.