PT-2024-21114 · Real Time Innovations · RTI Connext Professional

Philip Pettersson · Published 2024-05-21 · Updated 2025-10-21 · CVE-2024-25724

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RTI Connext Professional versions 5.3.1 through 6.1.0

Description

A buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file.

Recommendations

For RTI Connext Professional versions 5.3.1 through 6.1.0, update to version 6.1.1 to protect against potential code execution and information leaks. As a temporary workaround, consider restricting access to the vulnerable services until the update is applied. Avoid using malicious parameters in the affected public APIs until the issue is resolved.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2024-25724

Affected Products: RTI Connext Professional