Introduction
This page contains a list of all RTI® Connext® vulnerabilities that have been published through the CVE® Program.
Note
Since this document only contains vulnerabilities published through the CVE® Program, the vulnerabilities listed in this document are a subset of the vulnerabilities published in the RTI Security Notices.
To receive further updates on vulnerabilities found in RTI products, including those that are not disclosed through the public CVE, please subscribe to our security notification list by sending an email to security@rti.com.
If you believe you have found a vulnerability affecting RTI products, please report it to us by sending an email to security@rti.com.
RTI’s Approach to Vulnerability Detection and Management
RTI considers vulnerabilities regardless of the source. We define a vulnerability as a product bug that affects the integrity or confidentiality of the system using our products, and can be triggered externally to the application. We follow industry practices, such as CVSS score, to assess the severity of vulnerabilities. Our software bill of materials (SBOM) (located in the Connext installation directory) details the third-party software included in RTI’s products. Starting in Connext 7.3.0, we provide the SBOM in CycloneDX and SPDX formats. When a vulnerability is reported in third-party software, RTI assesses its impact on RTI’s products.
RTI applies best practices to detect vulnerabilities, including a secure coding standard, the use of static and dynamic analysis tools, fuzz testing, and long-running endurance tests.
RTI releases security patches for active LTS releases (see Connext Releases). We proactively create patches for the most commonly used architectures in LTS releases. Customers can request patches for other architectures by contacting RTI Support (see the RTI Customer Portal). We include fixes to critical vulnerabilities in third-party software once the provider makes available a patch that is compatible with the version used in RTI’s software.
RTI software distribution through the RTI Customer Portal includes a SHA-256 hash. Releases starting in 2024 are signed.
RTI communicates the availability of new security patches and shares sufficient details (such as CVSS score/vector and mitigation options) about the fixes to enable RTI customers to do their own risk analysis. To join or be removed from the RTI Security Notification list, please send a request with your contact and company/program information to security@rti.com.
2024
CVE-2024-25724
[Critical] Potential buffer overflow in Cloud Discovery Service while parsing an XML document
Potential buffer overflow in Cloud Discovery Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the RTI_CDS_Service_new public API containing malicious parameters.
Remotely exploitable through malicious RTPS messages.
Cloud Discovery Service could crash or leak sensitive information. An attacker could compromise Cloud Discovery Service integrity or execute malicious code with system privileges.
CVSS Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the RTI_CDS_Service_new public API containing malicious parameters.
Remotely exploitable through malicious RTPS messages.
Cloud Discovery Service could crash or leak sensitive information. An attacker could compromise Cloud Discovery Service integrity or execute malicious code with system privileges.
CVSS Base Score: 7.3 HIGH
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Connext Secure RTPS protection to prevent Network Attack Vector, AND
Restrict permissions for writing to the configuration files Cloud Discovery Service uses to prevent Local Attack Vector.
Associated Issue IDs
[CVE Issue ID CVE-2024-25724]
[RTI Issue ID CDS-222]
Affected RTI Connext Professional Releases
Introduced in: 5.3.1
Fixed in: 6.1.1
[Critical] Potential buffer overflow in Recording Service while parsing an XML document
Potential buffer overflow in Recording Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the rti::recording::Service() public API containing malicious parameters.
Remotely exploitable through malicious RTPS messages.
Recording Service could crash or leak sensitive information. An attacker could compromise Recording Service integrity or execute malicious code with system privileges.
CVSS Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the rti::recording::Service() public API containing malicious parameters.
Remotely exploitable through malicious RTPS messages.
Recording Service could crash or leak sensitive information. An attacker could compromise Recording Service integrity or execute malicious code with system privileges.
CVSS Base Score: 7.3 HIGH
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Connext Secure RTPS protection to prevent Network Attack Vector, AND
Restrict permissions for writing to the configuration files Recording Service uses to prevent Local Attack Vector.
Associated Issue IDs
[CVE Issue ID CVE-2024-25724]
[RTI Issue ID RECORD-1418]
Affected RTI Connext Professional Releases
Introduced in: 5.3.1
Fixed in: 5.3.1.44, 6.0.1.35
[Critical] Potential buffer overflow in Routing Service while parsing an XML document
Potential buffer overflow in Routing Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the RTI_RoutingService_new public API containing malicious parameters.
Remotely exploitable through malicious RTPS messages.
Routing Service could crash or leak sensitive information. An attacker could compromise Routing Service integrity or execute malicious code with system privileges.
CVSS Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the RTI_RoutingService_new public API containing malicious parameters.
Routing Service could crash or leak sensitive information. An attacker could compromise Routing Service integrity or execute malicious code with system privileges.
CVSS Base Score: 7.3 HIGH
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Connext Secure RTPS protection to prevent Network Attack Vector, AND
Restrict permissions for writing to the configuration files Routing Service uses to prevent Local Attack Vector.
Associated Issue IDs
[CVE Issue ID CVE-2024-25724]
[RTI Issue ID ROUTING-1092]
Affected RTI Connext Professional Releases
Introduced in: 5.3.1
Fixed in: 5.3.1.44, 6.0.1.35
Acknowledgements
Found by Philip Pettersson <ppettersson@zoox.com>
[Critical] Potential buffer overflow in Queuing Service while parsing an XML document
Potential buffer overflow in Queuing Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the RTI_QueuingService_new public API containing malicious parameters.
Remotely exploitable through malicious RTPS messages.
Queuing Service could crash or leak sensitive information. An attacker could compromise Queuing Service integrity or execute malicious code with system privileges.
CVSS Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the RTI_QueuingService_new public API containing malicious parameters.
Queuing Service could crash or leak sensitive information. An attacker could compromise Queuing Service integrity or execute malicious code with system privileges.
CVSS Base Score: 7.3 HIGH
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Connext Secure RTPS protection to prevent Network Attack Vector, AND
Restrict permissions for writing to the configuration files Queuing Service uses to prevent Local Attack Vector.
Associated Issue IDs
[CVE Issue ID CVE-2024-25724]
[RTI Issue ID QUEUEING-759]
Affected RTI Connext Professional Releases
Introduced in: 5.3.1
Fixed in: 5.3.1.44, 6.0.1.35
2022-2023
There were no RTI Connext vulnerabilities published through the CVE® Program in 2022-2023.
2021
CVE-2021-38435
[Critical] Potential Crash Upon Receiving a Corrupted data(p)
Potential crash upon receiving a corrupted data(p).
User Impact without Security
Remotely exploitable.
Crash application. Potentially impacting confidentiality/integrity of Connext application.
CVSS Base Score: 7.6 HIGH
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
User Impact with Security
Remotely exploitable.
Crash application. Potentially impacting confidentiality/integrity of Connext application.
CVSS Base Score: 7.6 HIGH
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Mitigations
Protect access to the network Connext applications are running in.
Associated Issue IDs
[CVE Issue ID CVE-2021-38435]
[RTI Issue ID CORE-11751]
Affected RTI Connext Professional Releases
Introduced in: 4.1x
Fixed in: 6.1.1, 6.1.0.3, 5.3.1.35, 4.5d.rev41, 5.2.3.36, 4.5d.rev42, 6.0.1.25, 5.2.3.37, 5.0.0.57, 5.3.0.25
CVE-2021-38433
[Critical] Potential stack buffer overflow while parsing an XML document
Potential stack buffer overflow while parsing an XML document.
User Impact without Security
Remotely exploitable
Crash application, remote code execution with Connext application privileges.
CVSS Base Score: 7.6 HIGH
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
User Impact with Security
Only exploitable from the same host where the Connext application is running.
CVSS Base Score: 6.6 MEDIUM
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Mitigations
Protect access to the network Connext applications are running in / Use Connext Secure with RTPS protection.
Restrict permissions for writing to the configuration files your Connext application uses.
Associated Issue IDs
[CVE Issue ID CVE-2021-38433]
[RTI Issue ID CORE-11750]
Affected RTI Connext Professional Releases
Introduced in: 4.5x
Fixed in: 7.0.0, 6.1.1, 6.1.0.3, 5.3.1.35, 4.5d.rev41, 5.2.3.36, 4.5d.rev42, 6.0.1.25, 5.2.3.37, 5.0.0.57, 5.3.0.25
CVE-2021-38427
[Critical] Potential stack buffer overflow while parsing an XML document
Potential stack buffer overflow while parsing an XML document.
User Impact without Security
Remotely exploitable
Crash application, remote code execution with Connext application privileges.
CVSS Base Score: 7.6 HIGH
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
User Impact with Security
Only exploitable from the same host where the Connext application is running.
CVSS Base Score: 6.6 MEDIUM
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Mitigations
Protect access to the network Connext applications are running in / Use Connext Secure with RTPS protection.
Restrict permissions for writing to the configuration files your Connext application uses.
Associated Issue IDs
[CVE Issue ID CVE-2021-38427]
[RTI Issue ID CORE-11749]
Affected RTI Connext Professional Releases
Introduced in: 4.5x
Fixed in: 7.0.0, 6.1.1, 6.1.0.3, 5.3.1.35, 4.5d.rev41, 5.2.3.36, 4.5d.rev42, 6.0.1.25, 5.2.3.37, 5.0.0.57, 5.3.0.25