CVE-2024-10838

March 12, 2025, 1:15 p.m.

None
No Score

Description

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

Product(s) Impacted

Vendor Product Versions
Eclipse
  • Eclipse
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-191
Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a eclipse eclipse / / / / / / / /

References

https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5
https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42
https://gitlab.eclipse.org/security/cve-assignement/-/issues/46

Tags

CWE-191
emo@eclipse.org
2025-03-12
CVE-2024-10838

Date

  • Published: March 12, 2025, 1:15 p.m.
  • Last Modified: March 12, 2025, 1:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

emo@eclipse.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.