CVE-2023-24012 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure…
High CVSS: 8.2

CVE-2023-24012

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
Vendor
-
Product
-
CWE
CWE-200
Yayın Tarihi
2025-01-09 15:15:11
Güncelleme
2025-01-09 16:15:31
Source Identifier
cve-coordination@incibe.es
KEV Date Added
-

Kategoriler

CWE-200 HIGH 2025

Referanslar

https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d https://github.com/ros2/sros2/issues/282 https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d