CVE-2024-52066 HIGH

CVE-2024-52066: Potential stack corruption in Routing Service when using a malicious XML configuration document

Vendor Rti
Product Connext Professional
Weakness CWE-120
Published December 13, 2024
Last update February 6, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40.

Key dates

02Disclosure timeline

December 13, 2024 CVE published
February 6, 2025 Record updated