CVE-2021-38443

Critical

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in…

icscert·CWE-228·Published 2022-05-05

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

153 chars

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.

NVDen

153 chars

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.

Eclipse CycloneDDS versiones anteriores a 0.8.0, manejan inapropiadamente las estructuras no válidas, lo que puede permitir a un atacante escribir valores arbitrarios en el analizador XML

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.6	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
3.1	Primary	cve.org	6.6	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
3.1	Secondary	NVD	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H