4.19. Vulnerabilities

4.19.1. Out-of-bounds read while deserializing malformed partition parameters from malicious RTPS message

An out-of-bounds read may have occurred while deserializing malformed partition parameters from a malicious RTPS message. This issue has been fixed.

4.19.1.1. User Impact without Security

A vulnerability in the Connext application could have resulted in the following:

  • Out-of-bounds read while parsing a malicious RTPS message.

  • Remotely exploitable.

  • Potential impact on confidentiality of Connext application.

  • CVSS Base Score: 6.5 MEDIUM

  • CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

4.19.1.2. User Impact with Security

Same as “User Impact without Security,” above.

[RTI Issue ID CORE-13669]
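The following is an added example, not RTI's code and not a reproduction of the fixed defect, whose details this page does not give. It shows the kind of length validation a deserializer needs for a partition parameter value, assuming the value is a little-endian CDR sequence of strings (32-bit count, then per string a 32-bit length that includes the terminating NUL, padded to 4 bytes). The names parse_partition_value, cursor_t and MAX_PARTITIONS are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PARTITIONS 64u /* assumed local limit, not taken from the page */

/* Cursor over the received parameter value; every read goes through take(). */
typedef struct { const uint8_t *p; size_t left; } cursor_t;

static int take(cursor_t *c, size_t n, const uint8_t **out) {
    if (n > c->left) return -1; /* claimed size exceeds what was received */
    *out = c->p; c->p += n; c->left -= n;
    return 0;
}

static int take_u32le(cursor_t *c, uint32_t *v) {
    const uint8_t *b;
    if (take(c, 4, &b) != 0) return -1;
    *v = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 0;
}

/* Returns the number of partition names validated, or -1 if malformed. */
int parse_partition_value(const uint8_t *buf, size_t len) {
    cursor_t c = { buf, len };
    uint32_t count, slen;
    const uint8_t *s;
    if (take_u32le(&c, &count) != 0 || count > MAX_PARTITIONS) return -1;
    for (uint32_t i = 0; i < count; i++) {
        if (take_u32le(&c, &slen) != 0 || slen == 0) return -1;
        if (take(&c, slen, &s) != 0) return -1;  /* string length past end */
        if (s[slen - 1] != '\0') return -1;      /* must be NUL-terminated */
        /* CDR aligns the next length field to 4 bytes */
        if (i + 1 < count && take(&c, (4 - (slen & 3)) & 3, &s) != 0) return -1;
    }
    return (int)count;
}

/* Constructed sample values (not captured traffic). */
static const uint8_t GOOD[] = { 2,0,0,0,  2,0,0,0, 'A',0, 0,0,
                                8,0,0,0, 's','e','n','s','o','r','s',0 };
static const uint8_t BAD_LEN[] = { 1,0,0,0,  0,1,0,0, 'A',0,0,0 }; /* len=256 */

int main(void) {
    printf("good=%d bad=%d\n", parse_partition_value(GOOD, sizeof GOOD),
           parse_partition_value(BAD_LEN, sizeof BAD_LEN));
    return 0;
}
```

The element count and each string length come from the sender, so both are checked against the bytes actually received before any read.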

4.19.2. Out-of-bounds read while deserializing malformed IPv6 locator from malicious RTPS message

An out-of-bounds read may have occurred while deserializing a malformed IPv6 locator from a malicious RTPS message. This issue has been fixed.

4.19.2.1. User Impact without Security

A vulnerability in the Connext application could have resulted in the following:

  • Out-of-bounds read while parsing a malicious RTPS message.

  • Remotely exploitable.

  • Potential impact on confidentiality of Connext application.

  • CVSS Base Score: 6.5 MEDIUM

  • CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

4.19.2.2. User Impact with Security

Same as “User Impact without Security,” above.

[RTI Issue ID CORE-13764]

4.19.3. Remote modification of DomainParticipant names in unsecure system

In a system without security, a vulnerability in the Connext application could have potentially allowed remote attackers to modify the DomainParticipant name of any DomainParticipant in the system. This issue has been fixed.

4.19.3.1. User Impact without Security

A vulnerability in the Connext application could have resulted in the following:

  • Any DomainParticipant could have its participant’s name changed by an attacker.

  • Remotely exploitable.

  • Potential impact on integrity of Connext application.

  • CVSS Base Score: 5.3 MEDIUM

  • CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.19.3.2. User Impact with Security

No impact when using the Security Plugins if rtps_protection is enabled or if discovery_protection_kind is set to a value other than NONE. In this case, participant discovery samples are protected against tampering by an external malicious agent once authentication is completed. Moreover, illegitimate changes to the participant discovery information before authentication are always prevented by the authentication process, which ensures that the participant discovery information is authentic.

[RTI Issue ID CORE-13817]