CVE-2024-52060

Name of the Vulnerable Software and Affected Versions RTI Connext Professional versions 5.3.0 through 5.3.1.45 RTI Connext Professional versions 6.0.0 through 6.0.* RTI Connext Professional versions 6.1.0 through 6.1.2.21 RTI Connext Professional versions 7.0.0 through 7.3.0.5

Description The issue is a buffer copy without checking the size of the input, also known as a 'classic buffer overflow', in RTI Connext Professional. This problem affects various services including Routing Service, Recording Service, Queuing Service, Observability Collector Service, and Cloud Discovery Service. The buffer overflow can occur via environment variables.

Recommendations For versions 5.3.0 through 5.3.1.45, update to version 5.3.1.45 or later. For versions 6.0.0 through 6.0., update to a version after 6.0.. For versions 6.1.0 through 6.1.2.21, update to version 6.1.2.21 or later. For versions 7.0.0 through 7.3.0.5, update to version 7.3.0.5 or later. As a temporary workaround, consider restricting access to environment variables to minimize the risk of exploitation.