CVE-2021-38435: RTI's Connext ROS 2 Node hacking

by vmayoral
GNU/Linux ◆ xterm-256color ◆ bash 1401 views

This recording shows a proof of concept example of CVE-2021-38435 which leads ROS 2 Nodes powered by RTI Connext DDS to either crash or execute arbitrary code due to a network-exploitable buffer overflow.

This flaw affect the all RTI Connext DDS versions prior to 6.1.0 (vendor advisory). For additional information and more tutorials, refer to the Robot Hacking Manual (RHM).