CVE-2024-52060

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
RTICNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
rticonnext_professional
5.3.0 ≤
𝑥
< 5.3.1.45
rticonnext_professional
6.0.0 ≤
𝑥
< 6.0.1.40
rticonnext_professional
6.1.0 ≤
𝑥
< 6.1.2.21
rticonnext_professional
7.0.0 ≤
𝑥
< 7.3.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.rti.com/vulnerabilities/#cve-2024-52060