CVE-2024-26369: n/a
An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.
AI Analysis
Technical Summary
CVE-2024-26369 is a vulnerability identified in the HistoryQosPolicy component of FastDDS, an open-source implementation of the Data Distribution Service (DDS) protocol widely used for real-time data exchange in distributed systems. The affected versions include 2.6.x, 2.10.x, 2.11.x, and 2.12.x. The flaw manifests as a SIGABRT signal triggered upon receiving data from a DataWriter, which causes the FastDDS process to abort unexpectedly. This behavior indicates a denial of service condition where the application crashes, potentially disrupting communication between distributed components. The vulnerability is categorized under CWE-400, which relates to uncontrolled resource consumption or denial of service. The CVSS 3.1 base score is 7.5, reflecting a high severity due to the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality is rated high, suggesting that the vulnerability could lead to exposure or leakage of sensitive data during the crash or through side effects, although integrity and availability impacts are not explicitly noted beyond the denial of service. No patches or known exploits are currently reported, but the vulnerability's nature makes it a significant risk for systems relying on FastDDS for critical real-time communication, such as autonomous vehicles, industrial automation, and defense applications.
Potential Impact
The primary impact of CVE-2024-26369 is denial of service caused by unexpected process termination (SIGABRT) in FastDDS applications. This can disrupt real-time data exchange in distributed systems, leading to operational downtime, loss of data continuity, and potential safety risks in critical environments like automotive, aerospace, and industrial control systems. The high confidentiality impact suggests that sensitive data might be exposed or improperly handled during the crash, increasing the risk of information leakage. Organizations relying on FastDDS for mission-critical communication may experience degraded system reliability and increased operational costs due to system restarts and troubleshooting. The lack of required privileges or user interaction for exploitation means attackers can remotely trigger the vulnerability, increasing the attack surface and risk of widespread disruption. Although no known exploits exist yet, the vulnerability's characteristics make it a likely target for attackers aiming to cause service outages or gather sensitive information by exploiting the crash behavior.
Mitigation Recommendations
1. Restrict network access to FastDDS endpoints by implementing strict firewall rules and network segmentation to limit exposure to untrusted sources.
2. Monitor FastDDS processes for abnormal terminations and implement automated restart mechanisms to minimize downtime.
3. Employ application-layer filtering or validation to detect and block malformed or suspicious DataWriter messages that could trigger the SIGABRT.
4. Engage with the FastDDS community or vendor for updates and patches addressing this vulnerability as they become available.
5. Conduct thorough testing of FastDDS deployments under load and malformed input conditions to identify and mitigate potential crash triggers.
6. Where possible, isolate critical FastDDS components in hardened environments with minimal external exposure.
7. Implement logging and alerting for unusual network activity or process crashes to enable rapid incident response.
8. Consider alternative DDS implementations or versions not affected by this vulnerability if immediate patching is not feasible.
Affected Countries
United States, Germany, Japan, South Korea, France, United Kingdom, China, Canada, Italy, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-02-19T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d75b7ef31ef0b57258a
Added to database: 2/25/2026, 9:45:25 PM
Last enriched: 2/26/2026, 10:53:35 AM
Last updated: 4/12/2026, 1:57:16 PM