4.19. Vulnerabilities
4.19.1. Out-of-bounds read while deserializing malformed partition parameters from malicious RTPS message
An out-of-bounds read may have occurred while deserializing malformed partition parameters from a malicious RTPS message. This issue has been fixed.
4.19.1.1. User Impact without Security
A vulnerability in the Connext application could have resulted in the following:
Out-of-bounds read while parsing a malicious RTPS message.
Remotely exploitable.
Potential impact on confidentiality of Connext application.
CVSS Base Score: 6.5 MEDIUM
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
4.19.1.2. User Impact with Security
Same as “User Impact without Security,” above.
[RTI Issue ID CORE-13669]
4.19.2. Out-of-bounds read while deserializing malformed IPv6 locator from malicious RTPS message
An out-of-bounds read may have occurred while deserializing a malformed IPv6 locator from a malicious RTPS message. This issue has been fixed.
4.19.2.1. User Impact without Security
A vulnerability in the Connext application could have resulted in the following:
Out-of-bounds read while parsing a malicious RTPS message.
Remotely exploitable.
Potential impact on confidentiality of Connext application.
CVSS Base Score: 6.5 MEDIUM
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
4.19.2.2. User Impact with Security
Same as “User Impact without Security,” above.
[RTI Issue ID CORE-13764]
4.19.3. Remote modification of DomainParticipant names in unsecure system
In a system without security, a vulnerability in the Connext application could have potentially allowed remote attackers to modify the DomainParticipant name of any DomainParticipant in the system. This issue has been fixed.
4.19.3.1. User Impact without Security
A vulnerability in the Connext application could have resulted in the following:
Any DomainParticipant could have its participant’s name changed by an attacker.
Remotely exploitable.
Potential impact on integrity of Connext application.
CVSS Base Score: 5.3 MEDIUM
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.19.3.2. User Impact with Security
There is no impact when using the Security Plugins if rtps_protection is enabled or if discovery_protection_kind is set to a value other than NONE. In this case, participant discovery samples are protected against tampering by an external malicious agent after authentication is completed. Moreover, non-legitimate changes to the participant discovery information before authentication are always prevented by the authentication process, which ensures that the participant discovery information is authentic.
[RTI Issue ID CORE-13817]
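To check whether a secured deployment meets either condition in 4.19.3.2, the following added example (not RTI code) lists the domain rules in a governance document where both protection kinds are NONE. It assumes the unsigned XML source of the governance file, the element names rtps_protection_kind and discovery_protection_kind from the OMG DDS Security governance format, and that a missing element counts as NONE; the function names and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the release notes): unsigned governance XML in
# the OMG DDS Security layout, one domain rule per case.
SAMPLE_GOVERNANCE = """<dds><domain_access_rules>
  <domain_rule>
    <domains><id>0</id></domains>
    <discovery_protection_kind>NONE</discovery_protection_kind>
    <rtps_protection_kind>NONE</rtps_protection_kind>
  </domain_rule>
  <domain_rule>
    <domains><id>1</id></domains>
    <discovery_protection_kind>SIGN</discovery_protection_kind>
    <rtps_protection_kind>NONE</rtps_protection_kind>
  </domain_rule>
  <domain_rule>
    <domains><id_range><min>2</min><max>9</max></id_range></domains>
    <rtps_protection_kind>ENCRYPT</rtps_protection_kind>
  </domain_rule>
</domain_access_rules></dds>"""


def _kind(rule, tag):
    """Protection kind for `tag`; a missing or empty element is treated as NONE."""
    return (rule.findtext(tag) or "").strip().upper() or "NONE"


def _domains(rule):
    """Describe the domain ids a rule covers, for the report."""
    parts = [e.text.strip() for e in rule.findall("domains/id") if e.text]
    for r in rule.findall("domains/id_range"):
        parts.append(f"{r.findtext('min', '')}-{r.findtext('max', '')}")
    return ",".join(parts) or "?"


def unprotected_rules(governance_xml):
    """Domains whose rule meets neither condition in 4.19.3.2."""
    findings = []
    for rule in ET.fromstring(governance_xml).iter("domain_rule"):
        rtps = _kind(rule, "rtps_protection_kind")
        disc = _kind(rule, "discovery_protection_kind")
        if rtps == "NONE" and disc == "NONE":
            findings.append(_domains(rule))
    return findings


if __name__ == "__main__":
    for domains in unprotected_rules(SAMPLE_GOVERNANCE):
        print(f"domains {domains}: participant discovery data not tamper-protected")
```

Applications that do not use the Security Plugins have no governance document and fall under "User Impact without Security" regardless of this check.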