CVE-2024-52065 MEDIUM

CVE-2024-52065: Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems

Vendor Rti
Product Connext Professional
Weakness CWE-120
Published December 13, 2024
Last update February 7, 2025

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.

Key dates

02Disclosure timeline

December 13, 2024 CVE published
February 7, 2025 Record updated