Fast-DDS Vulnerability

CRITICAL (10.0) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

eProsima Fast-DDS is a high-performance data synchronization library used in various applications. This vulnerability allows attackers to bypass security checks and establish insecure connections, potentially leading to unauthorized access to sensitive data.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

eProsima / Fast-DDS

How to fix

To fix this issue:
- Upgrade to eProsima Fast-DDS version 3.4 or later.
- If an upgrade isn't possible, immediately apply the following mitigations:
  - Set the revoked flag to true in the Permissions.cpp file (use a text editor, no compilation needed).
  - Restrict network access to your application using firewalls or network segmentation.