// For flags

CVE-2024-52060

Potential stack overflow when using XML configuration file referencing environment variables

Severity Score

8.3
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
High
None
Availability
Low
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-11-05 CVE Reserved
  • 2024-12-13 CVE Published
  • 2024-12-14 EPSS Updated
  • 2024-12-23 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
  • CAPEC-10: Buffer Overflow via Environment Variables
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
RTI
Search vendor "RTI"
Connext Professional
Search vendor "RTI" for product "Connext Professional"
>= 7.0.0.0 < 7.3.0.5
Search vendor "RTI" for product "Connext Professional" and version " >= 7.0.0.0 < 7.3.0.5"
en
Affected
RTI
Search vendor "RTI"
Connext Professional
Search vendor "RTI" for product "Connext Professional"
>= 6.1.0.0 < 6.1.2.21
Search vendor "RTI" for product "Connext Professional" and version " >= 6.1.0.0 < 6.1.2.21"
en
Affected
RTI
Search vendor "RTI"
Connext Professional
Search vendor "RTI" for product "Connext Professional"
>= 6.0.0.0 < 6.0.1.40
Search vendor "RTI" for product "Connext Professional" and version " >= 6.0.0.0 < 6.0.1.40"
en
Affected
RTI
Search vendor "RTI"
Connext Professional
Search vendor "RTI" for product "Connext Professional"
>= 5.3.0.0 < 5.3.1.45
Search vendor "RTI" for product "Connext Professional" and version " >= 5.3.0.0 < 5.3.1.45"
en
Affected