OpenDDS Denial of Service

HIGH (7.5) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

OpenDDS is an open-source implementation of the OMG Data Distribution Service (DDS) standard. It's primarily used in real-time systems for high-performance data distribution and communication. The vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message, potentially disrupting critical operations.

Am I affected?

You're affected if you use OpenDDS DDS versions prior to 3.33.0. To check if your system is vulnerable, run the following command: rtps -v on Linux or macOS, or rtps.exe /v on Windows. This will display the version number of the RTPS protocol implementation.

Note that this vulnerability does not affect OpenDDS-based applications directly; rather, it targets the RTPS protocol itself. Be cautious when running this command, as it may reveal sensitive information about your system's configuration.

Affected Products

aEnrich / a+HRD

How to fix

To fix this vulnerability, upgrade to OpenDDS DDS version 3.33.0 or later from the official GitHub repository: https://github.com/lkloliver/open-dds

Immediate mitigations:

  • Restrict network access to your OpenDDS instance (firewall it from the public internet)
  • Audit system logs for suspicious activity patterns
  • Monitor for unauthorized RTPS protocol usage
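
One way to apply the first mitigation, as an added example that is not part of the original advisory or of OpenDDS itself: it derives the well-known UDP ports from the default port mapping in the OMG DDSI-RTPS specification and builds nftables rules that admit only a trusted subnet to them. Assumptions: the deployment keeps the specification's default port constants (confirm against your own discovery and transport configuration), the nftables table and chain named in the code already exist, and the subnet shown is a constructed sample.

```python
from ipaddress import ip_network

# Default port-mapping constants from the OMG DDSI-RTPS specification.
# Assumption: the deployment has not overridden them in its configuration.
PB, DG, PG = 7400, 250, 2          # port base, domain gain, participant gain
D0, D1, D2, D3 = 0, 10, 1, 11      # offsets: disc. mcast/ucast, user mcast/ucast


def rtps_ports(domain_id, max_participants):
    """Return the sorted well-known UDP ports for one DDS domain."""
    if domain_id < 0 or max_participants < 1:
        raise ValueError("domain_id must be >= 0 and max_participants >= 1")
    base = PB + DG * domain_id
    ports = {base + D0, base + D2}               # discovery and user multicast
    for pid in range(max_participants):
        ports.add(base + D1 + PG * pid)          # discovery unicast
        ports.add(base + D3 + PG * pid)          # user-data unicast
    if max(ports) > 65535:
        raise ValueError("port mapping exceeds 65535 for this domain")
    return sorted(ports)


def nft_rules(domain_id, max_participants, trusted_cidr,
              table="inet filter", chain="input"):
    """Build lines for an `nft -f` file: accept the trusted subnet, drop the rest.

    Assumption: the table and chain named here already exist on the host.
    """
    net = ip_network(trusted_cidr)               # rejects malformed input
    family = "ip" if net.version == 4 else "ip6"
    port_set = ", ".join(str(p) for p in rtps_ports(domain_id, max_participants))
    head = f"add rule {table} {chain}"
    return [
        f"{head} {family} saddr {net} udp dport {{ {port_set} }} accept",
        f"{head} udp dport {{ {port_set} }} drop",
    ]


if __name__ == "__main__":
    # Constructed sample: domain 0, two participants, documentation subnet.
    print("\n".join(nft_rules(0, 2, "192.0.2.0/24")))
```

Size max_participants to the largest number of DDS participants expected on one host, since each participant takes the next pair of unicast ports.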