Last active
March 4, 2026 10:24
[CVE-ID]
CVE-2025-63829

[PRODUCT]
Fast-DDS - v3.3

[TYPE]
Integer Overflow

[DESCRIPTION]
eProsima Fast-DDS <=v3.3 has an infinite loop vulnerability caused by integer overflow in the Time_t::fraction() function.

[DETAILS]
When the value of the parameter nanosec in the QoS policy is set to 1000000000, the following situation will occur:
1. The `nano_to_frac(nanosec)` function converts 1000000000 to its corresponding fraction value.
2. Since `fraction` is of type uint32_t, its maximum value is 4294967295 (0xffffffff).
3. When the value of `fraction` reaches 4294967295, executing `++fraction` will result in integer overflow, causing `fraction` to become 0.
4. The value returned by `frac_to_nano(0)` will never be equal to 1000000000.
5. Therefore, the while loop condition `nano_check != nanosec` will always be true, resulting in an infinite loop.

[Mitigation & Fix Recommendations]
- Add boundary checks for fraction values to prevent integer overflow
- During the QoS policy verification phase, reject configurations with a nanosec value of 1000000000

[MORE]
https://github.com/lkloliver/poc/tree/main/CVE-2025-63829
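The arithmetic behind the [DETAILS] steps, as an added example that is not Fast-DDS code: a constructed model of the `nano_to_frac` / `frac_to_nano` conversions the advisory names (assuming the usual 1 s == 2^32 fraction ticks), with the search loop rewritten so that the recommended range check and a bound at UINT32_MAX replace the unbounded `++fraction`.

```cpp
#include <cstdint>

// Constructed model of the fraction conversions named in the advisory
// (1 second == 2^32 fraction ticks). Added example code, not Fast-DDS's
// own implementation; the function names mirror the advisory text.
constexpr uint64_t kFractionsPerSec   = 4294967296ULL;   // 2^32
constexpr uint64_t kNanosecondsPerSec = 1000000000ULL;

constexpr uint32_t nano_to_frac(uint32_t nanosec) {
    // 1000000000 * 2^32 / 10^9 == 2^32, which truncates to 0 in uint32_t
    return static_cast<uint32_t>((nanosec * kFractionsPerSec) / kNanosecondsPerSec);
}

constexpr uint32_t frac_to_nano(uint32_t fraction) {
    // The largest result, frac_to_nano(0xffffffff), is 999999999, so a
    // nanosec of 1000000000 can never be reproduced by any uint32_t fraction.
    return static_cast<uint32_t>((fraction * kNanosecondsPerSec) / kFractionsPerSec);
}

// Hardened form of the search loop from the advisory. The unbounded shape,
// `while (frac_to_nano(fraction) != nanosec) ++fraction;`, wraps 0xffffffff
// to 0 and never exits for nanosec == 1000000000. Here the input is
// validated against the legal nanosecond range first (the QoS-validation
// fix recommended above), and the loop refuses to step past UINT32_MAX.
// Returns false when no fraction maps back to the requested nanosec.
bool fraction_checked(uint32_t nanosec, uint32_t& out_fraction) {
    if (nanosec >= kNanosecondsPerSec) {
        return false;  // reject: nanosec must be in [0, 999999999]
    }
    uint32_t fraction = nano_to_frac(nanosec);
    while (frac_to_nano(fraction) != nanosec) {
        if (fraction == UINT32_MAX) {
            return false;  // ++fraction would wrap to 0: the infinite-loop case
        }
        ++fraction;
    }
    out_fraction = fraction;
    return true;
}

// Why the unbounded loop cannot terminate for nanosec == 10^9: the highest
// nanosecond value that any uint32_t fraction converts back to.
constexpr uint32_t max_recoverable_nanosec() {
    return frac_to_nano(UINT32_MAX);  // 999999999 < 1000000000
}
```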
lkloliver (Author) commented:
Thank you so much for reaching out and reminding me about this—I completely forgot to follow up on it. I really appreciate you bringing it to my attention.
I’ll take a look at the discussion and report as suggested.
@AbhishekTiwari07 commented on this gist:
Hi @lkloliver, I reached out to the eProsima team about the CVEs you found, and it turns out they haven’t been officially reported yet. They asked me to report them, but since you discovered these issues, it would be better if you report them directly. You can refer to this discussion for more details: https://github.com/eProsima/Fast-DDS/discussions/6324