Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability Affects RTI Connext Professional
CVE-2024-52060

8.3HIGH

Key Information:

Vendor

Rti

Status
Connext Professional
Vendor
CVE Published:
13 December 2024

What is CVE-2024-52060?

A buffer overflow vulnerability exists in RTI Connext Professional products, including Routing Service, Recording Service, Queuing Service, Observability Collector Service, and Cloud Discovery Service. This vulnerability allows attackers to exploit buffer overflow conditions through environment variables, potentially leading to unauthorized access or service disruptions. Versions affected include Connext Professional from 7.0.0 before 7.3.0.5, 6.1.0 before 6.1.2.21, 6.0.0 before 6.0.*, and 5.3.0 before 5.3.1.45. Customers are advised to review their systems and apply necessary patches.

Affected Version(s)

Connext Professional 7.0.0 < 7.3.0.5

Connext Professional 6.1.0 < 6.1.2.21

Connext Professional 6.0.0 < 6.0.1.40

References

https://www.rti.com/vulnerabilities/#cve-2024-52060

CVSS V4

Score:
8.3
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.