Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-62799

Good to know:

icon
icon

Date: February 3, 2026

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit a single malformed RTPS DATA_FRAG packet where "fragmentSize" and "sampleSize" are craft ed to violate internal assumptions. Due to a 4-byte alignment step during fragment metadata initialization, the code write s past the end of the allocated payload buffer, causing immediate crash (DoS) and potentially enabling memory corruption ( RCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

Severity Score

Related Resources (6)

https://github.com/eProsima/Fast-DDS/commit/955c8a15899dc6eb409e080fe7dc89e142d5a514
https://security-tracker.debian.org/tracker/CVE-2025-62799
https://github.com/eProsima/Fast-DDS/commit/0c3824ef4991628de5dfba240669dc6172d63b46
https://nvd.nist.gov/vuln/detail/CVE-2025-62799
https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659
https://www.mend.io/vulnerability-database/CVE-2025-62799

Severity Score

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/eProsima/Fast-DDS.git - v3.4.1;https://github.com/eProsima/Fast-DDS.git - v2.6.11;https://github.com/eProsima/Fast-DDS.git - v3.3.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us