Which versions of Cyclone Data Distribution Service are affected by CVE-2024-10838?

CVE-2024-10838 presents significant security risk rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.. A patch is available.

Is there a public PoC exploit available for CVE-2024-10838?

Yes, a public proof-of-concept exploit is available for CVE-2024-10838. Prioritise patching immediately. EPSS: 1.1%.

How to fix or mitigate CVE-2024-10838?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Cyclone Data Distribution Service CVE-2024-10838

Q: What is the CVSS score of CVE-2024-10838?

CVE-2024-10838 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 1.1%.

HIGH

Integer Underflow (CWE-191)

2025-03-12 emo@eclipse.org

Denial Of Service Deserialization Integer Overflow Cyclone Data Distribution Service

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:31 vuln.today

Patch released

Mar 28, 2026 - 18:31 nvd

Patch available

PoC Detected

Jul 31, 2025 - 16:33 vuln.today

Public exploit code

CVE Published

Mar 12, 2025 - 13:15 nvd

HIGH 8.8

DescriptionNVD

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

AnalysisAI

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-191. An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions. Affected products include: Eclipse Cyclone Data Distribution Service.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-10838 vulnerability details – vuln.today

Back

Cyclone Data Distribution Service CVE-2024-10838

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

Cyclone Data Distribution Service CVE-2024-10838

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code