RTI Connext DDS Professional and Connext DDS Secure Incorrect Calculation of Buffer Size
CVE-2021-38435

6.6MEDIUM

Key Information:

Vendor: Rti
Status: Connext Dds Professional; Connext Dds Secure
Vendor: CVE Published:; 5 May 2022

What is CVE-2021-38435?

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.

Affected Version(s)

Connext DDS Professional 4.2x <= 6.1.0

Connext DDS Secure 4.2x <= 6.1.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02

https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Aug 10, 2021

Credit

Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), Víctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research.