We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
Reserved 2023-01-20 | Published 2025-01-09 | Updated 2025-01-09 | Assigner INCIBECWE-200 Exposure of Sensitive Information to an Unauthorized Actor
amrc-benmorrow
Gianluca Caizza
Ruffin White
Victor Mayoral Vilches
Mikael Arguedas
github.com/ros2/sros2/issues/282
gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
Support options