CVE-2024-52062 MEDIUM

CVE-2024-52062: Potential stack buffer write overflow in Connext applications while parsing malicious XML types document

Vendor Rti
Product Connext Professional
Weakness CWE-120
Published December 13, 2024
Last update February 7, 2025

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.

Key dates

02Disclosure timeline

December 13, 2024 CVE published
February 7, 2025 Record updated