PT-2024-35116 · Real Time Innovations · RTI Connext Professional

Published 2024-12-13 · Updated 2025-10-02 · CVE-2024-52065

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

RTI Connext Professional versions 5.3.1.40 through 5.3.1.41
RTI Connext Professional versions 6.1.1.2 through 6.1.2.21
RTI Connext Professional versions 7.0.0 through 7.3.0.2

Description

The issue is a buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow' vulnerability, in RTI Connext Professional on non-Windows systems using the Persistence Service. This allows a buffer overflow via environment variables.

Recommendations

For versions 5.3.1.40 through 5.3.1.41, update to a version after 5.3.1.41 to resolve the issue.
For versions 6.1.1.2 through 6.1.2.21, update to a version after 6.1.2.21 to resolve the issue.
For versions 7.0.0 through 7.3.0.2, update to a version after 7.3.0.2 to resolve the issue.

As a temporary workaround, consider restricting access to environment variables in the Persistence Service to minimize the risk of exploitation.

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-52065

Affected Products

RTI Connext Professional