RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow
CVE-2021-38433

6.6MEDIUM

Key Information:

Vendor

Rti

Status
Connext Dds Professional
Connext Dds Secure
Vendor
CVE Published:
5 May 2022

What is CVE-2021-38433?

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.

Affected Version(s)

Connext DDS Professional 4.2x <= 6.1.0

Connext DDS Secure 4.2x <= 6.1.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), VĂ­ctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research.
.