Unauthenticated OOB Heap Read via Integer Underflow in Deserialization
CVE-2024-10838 Published on March 12, 2025
Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. As a result, secret data or pointers that reveal the layout of the address space may be included in a deserialized data structure, which may lead to thread crashes or denial of service conditions.
Weakness Type
What is an Integer underflow Vulnerability?
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
CVE-2024-10838 has been classified as an Integer Underflow vulnerability or weakness.
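As an added illustration of the weakness class described above (this is not Cyclone DDS code and not the actual DDS_Security_Deserialize_ flaw), the following C shows the unchecked length-subtraction pattern that wraps beside a hardened deserializer that rejects the same input; the toy wire format and sample messages are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed toy wire format (not the DDS Security encoding): a 4-byte
   little-endian total length, a 4-byte header, then total_len - 4 bytes of
   payload. All sample messages below are constructed for this example. */
#define HDR_LEN 4u

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak pattern: the header size is subtracted from an attacker-controlled
   length before checking that the length is at least HDR_LEN. When it is
   smaller, the unsigned subtraction wraps to a huge value; any memcpy driven
   by this result reads far past the end of the input buffer. */
size_t unchecked_payload_len(uint32_t total_len) {
    return total_len - HDR_LEN;   /* total_len == 2 yields 0xFFFFFFFE */
}

/* Hardened deserializer: validate the ordering before subtracting and bound
   the result by the bytes actually present. Returns the payload length
   copied into `out`, or -1 for malformed input (nothing is read past buf). */
long deserialize_payload(const uint8_t *buf, size_t buflen,
                         uint8_t *out, size_t outlen) {
    if (buflen < 4 + HDR_LEN) return -1;             /* no room for framing */
    uint32_t total_len = read_le32(buf);
    if (total_len < HDR_LEN) return -1;              /* would underflow */
    size_t payload = total_len - HDR_LEN;
    if (payload > buflen - 4 - HDR_LEN) return -1;   /* exceeds input */
    if (payload > outlen) return -1;                 /* exceeds output */
    memcpy(out, buf + 4 + HDR_LEN, payload);
    return (long)payload;
}

/* Constructed samples: a well-formed message and one whose declared length
   is smaller than the fixed header, the case that triggers the underflow. */
static const uint8_t GOOD_MSG[] = {8,0,0,0, 'H','D','R',0, 'a','b','c','d'};
static const uint8_t BAD_MSG[]  = {2,0,0,0, 'H','D','R',0, 'a','b','c','d'};
```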
Products Associated with CVE-2024-10838
Affected Versions
Eclipse Foundation Eclipse Cyclone DDS: versions before 0.10.5 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.