CVE-2024-52060

Summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.

Affected Software

VendorProductVersion RangeStatus
RTIConnext Professional7.0.0 < 7.3.0.5affected
RTIConnext Professional6.1.0 < 6.1.2.21affected
RTIConnext Professional6.0.0 < 6.0.1.40affected
RTIConnext Professional5.3.0 < 5.3.1.45affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References