Introduction
This page contains a list of all RTI® Connext® vulnerabilities that have been published through the CVE® Program.
Note
Since this document only contains vulnerabilities published through the CVE® Program, the vulnerabilities listed in this document are a subset of the vulnerabilities published in the RTI Security Notices.
To receive further updates on vulnerabilities found in RTI products, including those that are not disclosed through the public CVE, please subscribe to our security notification list by sending an email to security@rti.com.
If you believe you have found a vulnerability affecting RTI products, please report it to us by sending an email to security@rti.com.
RTI’s Approach to Vulnerability Detection and Management
RTI considers vulnerabilities regardless of the source. We define a vulnerability as a product bug that affects the integrity or confidentiality of the system using our products, and can be triggered externally to the application. We follow industry practices, such as CVSS score, to assess the severity of vulnerabilities. Our software bill of materials (SBOM) (located in the Connext installation directory) details the third-party software included in RTI’s products. Starting in Connext 7.3.0, we provide the SBOM in CycloneDX and SPDX formats. When a vulnerability is reported in third-party software, RTI assesses its impact on RTI’s products.
RTI applies best practices to detect vulnerabilities, including a secure coding standard, the use of static and dynamic analysis tools, fuzz testing, and long-running endurance tests.
RTI releases security patches for active LTS releases (see Connext Releases). We proactively create patches for most commonly used architectures in LTS releases. Customers can request patches for other architectures by contacting RTI Support (see the RTI Customer Portal). We include fixes to critical vulnerabilities in third-party software once a patch is available by the provider that is compatible with the version used in RTI’s software.
RTI software distribution through the RTI Customer Portal includes a SHA-256 hash. Releases starting in 2024 are signed.
RTI communicates the availability of new security patches and shares sufficient details (such as CVSS score/vector and mitigation options) about the fixes to enable RTI customers to do their own risk analysis. To join or be removed from the RTI Security Notification list, please send a request with your contact and company/program information to security@rti.com.
Security Advisories
Note
Release 7.5.0 is currently scheduled to be released in Q2 2025.
2024
CVE-2024-52066
[Critical] Potential stack corruption in Routing Service when using a malicious XML configuration document
An out-of-bounds write on the stack in Routing Service could have occurred after loading a malicious XML QoS document.
User Impact without Security
A vulnerability in Routing Service while loading configurations via XML could have resulted in the following:
Routing Service could corrupt the stack.
Exploitable by providing a malicious XML document to Routing Service during startup or via remote administration.
Potential impact on the integrity of Routing Service when using the XML QoS document.
Potential crash in the application.
CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in Routing Service while loading configurations via XML could have resulted in the following:
Routing Service could corrupt the stack.
Exploitable by providing a malicious XML document to Routing Service during startup.
Potential impact on the integrity of Routing Service when using the XML QoS document.
Potential crash in the application.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector (or a Governance Document with a value other than
NONEfor a*_protection_kindthat applies to the Routing Service’s remote administration topics), ANDRestrict permissions for writing to the configuration files Routing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52066 ]
[ RTI Issue ID ROUTING-1257 ]
Affected RTI Connext Professional Releases
Introduced in:
6.0.0Fixed in:
6.1.2.21,7.3.0.5
CVE-2024-52065
[Critical] Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems
An out-of-bounds write on the stack could occur while parsing a malicious environment variable on non-Windows systems.
User Impact without Security
A vulnerability in the Persistence Service application could have resulted in the following:
Stack buffer overflow while parsing a malicious environment variable on non-Windows systems.
Exploitable by overwriting the
.environmentfile in the user’s home directory with a malicious.environmentfile.Potential impact on integrity of Persistence Service application.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in the Persistence Service application could have resulted in the following:
Stack buffer overflow while parsing a malicious environment variable on non-Windows systems.
Exploitable by overwriting the
.environmentfile in the user’s home directory with a malicious.environmentfile.Potential impact on integrity of Persistence Service application.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Protect access to the file system from which Persistence Service is running.
CWE Classification
CWE-120,CWE-121,CWE-193
CAPEC Classification
CAPEC-10
Associated Issue IDs
[ CVE Issue ID CVE-2024-52065 ]
[ RTI Issue ID PERSISTENCE-362 ]
Affected RTI Connext Professional Releases
Introduced in:
7.0.0,5.3.1.40,6.1.1.2,6.1.2Fixed in:
7.4.0,7.3.0.2,6.1.2.21
CVE-2024-52064
[Critical] Potential stack buffer write overflow in Connext applications while parsing malicious license file
An out-of-bounds write on the stack could occur while parsing a malicious license file.
User Impact without Security
A vulnerability in the Connext application could have resulted in the following:
Stack buffer overflow while parsing a malicious license file.
Exploitable by overwriting the license file on the file system with a malicious license file.
Potential impact on integrity of Connext application.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in the Connext application could have resulted in the following:
Stack buffer overflow while parsing a malicious license file.
Exploitable by overwriting the license file on the file system with a malicious license file.
Potential impact on integrity of Connext application.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Protect access to the file system from which Connext applications are loading license files.
CWE Classification
CWE-120,CWE-121,CWE-193
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52064 ]
[ RTI Issue ID CORE-14875 ]
Affected RTI Connext Professional Releases
Introduced in:
4.4xFixed in:
7.4.0,7.3.0.2,6.1.2.21,5.3.1.45
CVE-2024-52063
[Critical] Potential stack buffer write overflow in Connext applications while parsing malicious XML types document
An out-of-bounds write on the stack could have occurred while parsing a malicious XML types document.
User Impact without Security
A vulnerability in the Core Libraries affected all products that load types via XML, and could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of the application(s) using the XML types document.
Potential crash in the application.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in the Core Libraries affected all products that load types via XML, and could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of the application(s) using the XML types document.
Potential crash in the application.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to Connext XML type files, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52063 ]
[ RTI Issue ID CORE-14872 ]
Affected RTI Connext Professional Releases
Introduced in:
4.4xFixed in:
7.4.0,6.1.2.21,7.3.0.5,5.3.1.45
[Critical] Potential stack buffer write overflow in Routing Service when parsing malicious XML types document
An out-of-bounds write on the stack in Routing Service could have occurred while parsing a malicious XML types document.
User Impact without Security
A vulnerability in Routing Service loading types via XML could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of Routing Service.
Potential crash in Routing Service.
In Routing Service, the vulnerability could potentially be triggered through the remote administration command
load.CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in Routing Service loading types via XML could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of Routing Service.
Potential crash in Routing Service.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Routing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52063 ]
[ RTI Issue ID ROUTING-1238 ]
Affected RTI Connext Professional Releases
Introduced in:
4.4xFixed in:
7.4.0,6.1.2.21,7.3.0.5,5.3.1.45
CVE-2024-52062
[Critical] Potential stack buffer write overflow in Connext applications while parsing malicious XML types document
An out-of-bounds write on the stack could have occurred while parsing a malicious XML types document.
User Impact without Security
A vulnerability in the Core Libraries affected all products that load types via XML, and could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of the application(s) using the XML types document. Such applications could include Routing Service.
Potential crash in the application.
In the case of Routing Service, the vulnerability could potentially have been triggered through the remote administration command load, but a successful attack would have required a malicious XML include file to already exist in the system, so the “Attack Vector” score is still “Local”.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in the Core Libraries affected all products that load types via XML, and could have resulted in the following:
Stack buffer overflow while parsing a malicious XML types document.
Exploitable by changing an XML configuration file on the file system.
Potential impact on the integrity of the application(s) using the XML types document. Such applications could include Routing Service.
Potential crash in the application.
In the case of Routing Service, the vulnerability could potentially have been triggered through the remote administration command load, but a successful attack would have required a malicious XML include file to already exist in the system, so the “Attack Vector” score is still “Local”.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the Connext XML configuration files, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52062 ]
[ RTI Issue ID CORE-14871 ]
Affected RTI Connext Professional Releases
Introduced in:
4.4xFixed in:
7.4.0,6.1.2.21,7.3.0.5,5.3.1.45
CVE-2024-52061
[Critical] Potential stack buffer overflow in Connext applications when parsing an XML type
The stack may have been corrupted when parsing an XML type.
User Impact without Security
This vulnerability could have caused the following on any application using XML types:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through malicious RTPS messages.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
This vulnerability could have caused the following on any application using XML types:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to Connext XML type files, to prevent the Local Attack Vector, AND
Use Security Plugins RTPS protection to prevent the Network Attack Vector. Alternatively, enable Security Plugins endpoint discovery protection by setting
discovery_protection_kindto a value other than NONE and settingenable_discovery_protectionto TRUE in your Governance Document.
CWE Classification
CWE-120,CWE-121,CWE-193
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52061 ]
[ RTI Issue ID CORE-14870 ]
Affected RTI Connext Professional Releases
Introduced in:
5.0.0Fixed in:
7.5.0,6.1.2.21,7.3.0.5,5.3.1.45
[Critical] Potential stack buffer overflow in Routing Service when discovering type or loading XML type with certain characteristics
The stack could have been corrupted when Routing Service discovered a malicious type or loaded a malicious XML type.
User Impact without Security
This vulnerability could cause the following in Routing Service:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through malicious RTPS messages.
Exploitable through a compromised local file system containing a malicious XML file.
Routing Service could be exploited by using a remote
loadadministration command with a malicious XML type.CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
This vulnerability could cause the following in Routing Service:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Routing Service uses, to prevent the Local Attack Vector, AND
Use Security Plugins RTPS protection to prevent the Network Attack Vector.
CWE Classification
CWE-120,CWE-121,CWE-193
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52061 ]
[ RTI Issue ID ROUTING-1235 ]
Affected RTI Connext Professional Releases
Introduced in:
5.0.0Fixed in:
6.1.2.21,7.3.0.5,5.3.1.45
[Critical] Potential stack buffer overflow in Queuing Service when discovering type or loading XML type with certain characteristics
The stack could have been corrupted when Queuing Service discovered a malicious type or loaded a malicious XML type.
User Impact without Security
This vulnerability could cause the following in Queuing Service:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through malicious RTPS messages.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
This vulnerability could cause the following in Queuing Service:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Queueing Service uses, to prevent the Local Attack Vector, AND
Use Security Plugins RTPS protection to prevent the Network Attack Vector. Alternatively, enable Security Plugins endpoint discovery protection by setting
discovery_protection_kindto a value other than NONE and settingenable_discovery_protectionto TRUE in your Governance Document.
CWE Classification
CWE-120,CWE-121,CWE-193
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52061 ]
[ RTI Issue ID QUEUEING-791 ]
Affected RTI Connext Professional Releases
Introduced in:
5.0.0Fixed in:
6.1.2.21,7.3.0.5,5.3.1.45
[Critical] Potential stack buffer overflow in Recording Service when discovering type or loading XML type with certain characteristics
The stack could have been corrupted when Recording Service discovered a malicious type or loaded a malicious XML type.
User Impact without Security
This vulnerability could cause the following in Recording Service:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through malicious RTPS messages.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
This vulnerability could cause the following in Recording Service:
Stack corruption leading to data corruption or crash.
Unbounded memory growth.
Exploitable through a compromised local file system containing a malicious XML file.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Recording Service uses, to prevent the Local Attack Vector, AND
Use Security Plugins RTPS protection to prevent the Network Attack Vector. Alternatively, enable Security Plugins endpoint discovery protection by setting
discovery_protection_kindto a value other than NONE and settingenable_discovery_protectionto TRUE in your Governance Document.
CWE Classification
CWE-120,CWE-121,CWE-193
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52061 ]
[ RTI Issue ID RECORD-1508 ]
Affected RTI Connext Professional Releases
Introduced in:
5.0.0Fixed in:
6.1.2.21,7.3.0.5,5.3.1.45
CVE-2024-52060
[Critical] Potential stack overflow in Cloud Discovery Service when using XML configuration file referencing environment variables
An out-of-bounds write on the stack in Cloud Discovery Service could have occurred while parsing XML files containing references to external environment variables.
User Impact without Security
This problem could have resulted in the following:
Stack buffer overflow in Cloud Discovery Service when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
This problem could have resulted in the following:
Stack buffer overflow in Cloud Discovery Service when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Cloud Discovery Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-10
Associated Issue IDs
[ CVE Issue ID CVE-2024-52060 ]
[ RTI Issue ID CDS-256 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.0Fixed in:
7.4.0,6.1.2.21,7.3.0.5,5.3.1.45
[Critical] Potential stack overflow in Observability Collector Service when using XML configuration file referencing environment variables
An out-of-bounds write on the stack in Observability Collector Service could have occurred while parsing XML files containing references to external environment variables.
User Impact without Security
This vulnerability in Observability Collector Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
This vulnerability in Observability Collector Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Observability Collector Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-10
Associated Issue IDs
[ CVE Issue ID CVE-2024-52060 ]
[ RTI Issue ID OCA-360 ]
Affected RTI Connext Professional Releases
Introduced in:
7.1.0Fixed in:
7.4.0,7.3.0.5
[Critical] Potential stack overflow in Queueing Service when using XML configuration file referencing environment variables
An out-of-bounds write on the stack in Queueing Service could occur while parsing XML files containing references to external environment variables.
User Impact without Security
This problem could result in the following:
Stack buffer overflow in Queueing Service when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
This problem could result in the following:
Stack buffer overflow in Queueing Service when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Queueing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-10
Associated Issue IDs
[ CVE Issue ID CVE-2024-52060 ]
[ RTI Issue ID QUEUEING-784 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.0Fixed in:
6.1.2.21,7.3.0.5,5.3.1.45
[Critical] Potential stack overflow in Recording Service when using XML configuration file referencing environment variables
An out-of-bounds write on the stack in Recording Service could have occurred while parsing XML files containing references to external environment variables.
User Impact without Security
A vulnerability in Recording Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in Recording Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Restrict permissions for writing to the configuration files Recording Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-10
Associated Issue IDs
[ CVE Issue ID CVE-2024-52060 ]
[ RTI Issue ID RECORD-1486 ]
Affected RTI Connext Professional Releases
Introduced in:
6.0.0Fixed in:
7.4.0,6.1.2.21,7.3.0.5
[Critical] Potential stack overflow in Routing Service when using XML configuration file referencing environment variables
An out-of-bounds write on the stack in Routing Service could have occurred while parsing XML files containing references to external environment variables.
User Impact without Security
A vulnerability in Routing Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
Routing Service could be exploited by using a remote
loadadministration command with malicious XML code.CVSS v3.1 Base Score: 8.2 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 8.3 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
User Impact with Security
A vulnerability in Routing Service could have resulted in the following:
Stack buffer overflow when parsing a malicious XML file.
Exploitable by providing malicious XML code to the applications during startup.
A Governance Document that has a value other than NONE for a *_protection_kind that applies to the Routing Service’s remote administration topics would defend against any attacks over the network.
CVSS v3.1 Base Score: 6.1 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Routing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-120,CWE-121
CAPEC Classification
CAPEC-10
Associated Issue IDs
[ CVE Issue ID CVE-2024-52060 ]
[ RTI Issue ID ROUTING-1223 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.0Fixed in:
7.4.0,6.1.2.21,7.3.0.5,5.3.1.45
CVE-2024-52059
[Critical] Potential heap buffer overflow in Security Plugins while creating a DomainParticipant that uses a malformed Identity Certificate
The Security Plugins were affected by a heap buffer overflow vulnerability that occurred while creating a DomainParticipant that used a malformed Identity Certificate.
User Impact without Security
NONE
User Impact with Security
The impact on Security Plugins applications of using the previous version was as follows:
Exploitable by overwriting the Identity Certificate on the file system with a malicious Identity Certificate that does not even need to be properly signed by the Identity CA.
The application could have experienced a heap buffer overwrite during creation of a new DomainParticipant that attempted to use the malicious Identity Certificate, impacting the integrity and availability of the application.
This problem was much easier to exploit on a 32-bit architecture. On a 64-bit architecture, this problem affected only the Security Plugins for OpenSSL, not wolfSSL.
The problem was only exploitable if the
authentication.propagate_simplified_identity_certificateproperty was unset or set toTRUE.CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score: 6.9 MEDIUM
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Any one of the following steps is sufficient to mitigate the problem:
Protect access to the file system from which Connext applications are loading certificates.
Use the
data:,prefix to specify thedds.sec.auth.identity_certificateproperty value.Set the
authentication.propagate_simplified_identity_certificateproperty toFALSE.If available for your platform, use wolfSSL instead of OpenSSL. This mitigation only works if your architecture is 64-bit.
CWE Classification
CWE-120,CWE-122,CWE-190
CAPEC Classification
CAPEC-46
Associated Issue IDs
[ CVE Issue ID CVE-2024-52059 ]
[ RTI Issue ID SEC-2444 ]
Affected RTI Connext Professional Releases
Introduced in:
6.1.0Fixed in:
7.4.0,6.1.2.17,7.3.0.2
CVE-2024-52058
[Major] Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests
There was the potential for arbitrary command execution while parsing malicious HTTP/REST requests.
User Impact without Security
An improper neutralization of special elements used in System Designer HTTP/REST requests could have resulted in the following:
Arbitrary command execution.
Remotely exploitable from the same host on which System Designer was running.
CVSS v3.1 Base Score: 8.4 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score: 8.6 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
User Impact with Security
An improper neutralization of special elements used in System Designer HTTP/REST requests could have resulted in the following:
Arbitrary command execution.
Remotely exploitable from the same host on which System Designer was running.
CVSS v3.1 Base Score: 8.4 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score: 8.6 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Mitigations
Limit privileges of the System Designer process and limit access to the host System Designer is running into.
CWE Classification
CWE-78
CAPEC Classification
CAPEC-88
Associated Issue IDs
[ CVE Issue ID CVE-2024-52058 ]
[ RTI Issue ID SYSD-1218 ]
Affected RTI Connext Professional Releases
Introduced in:
6.1.0Fixed in:
7.4.0,6.1.2.19,7.3.0.2
CVE-2024-52057
[Critical] Potential arbitrary SQL query execution in Queueing Service while parsing malicious remote commands or configuration files
There was the potential for arbitrary SQL query execution in Queueing Service while parsing malicious remote administration commands or loading a malicious configuration file. This vulnerability is now fixed.
User Impact without Security
A SQL Injection vulnerability in Queueing Service could have resulted in the following:
Arbitrary SQL query execution.
Remotely exploitable.
Potential impact on integrity and confidentiality of Queueing Service.
CVSS v3.1 Base Score: 9.1 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0 Base Score: 9.1 CRITICAL
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
User Impact with Security
When enabling RTPS protection, the impact of the SQL Injection vulnerability in Queueing Service was reduced, resulting in the following:
Arbitrary SQL query execution.
Exploitable from the same host Queueing Service is running.
Potential impact on integrity and confidentiality of Queueing Service.
CVSS v3.1 Base Score: 7.1 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0 Base Score: 8.4 HIGH
CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Queueing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-89
CAPEC Classification
CAPEC-66
Associated Issue IDs
[ CVE Issue ID CVE-2024-52057 ]
[ RTI Issue ID QUEUEING-756 ]
Affected RTI Connext Professional Releases
Introduced in:
5.2.0Fixed in:
7.3.0,6.1.2.17
CVE-2024-25724
[Critical] Potential buffer overflow in Cloud Discovery Service while parsing XML document
There was potential for a buffer overflow in Cloud Discovery Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
RTI_CDS_Service_newpublic API containing malicious parameters.Remotely exploitable through malicious RTPS messages.
Cloud Discovery Service could crash or leak sensitive information. An attacker could compromise Cloud Discovery Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
RTI_CDS_Service_newpublic API containing malicious parameters.Cloud Discovery Service could crash or leak sensitive information. An attacker could compromise Cloud Discovery Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 7.3 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Cloud Discovery Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-121
Associated Issue IDs
[ CVE Issue ID CVE-2024-25724 ]
[ RTI Issue ID CDS-222 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.1Fixed in:
6.1.1,5.3.1.44,6.0.1.35
[Critical] Potential buffer overflow in Queuing Service while parsing an XML document.
Potential buffer overflow in Queuing Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
RTI_QueuingService_newpublic API containing malicious parameters.Remotely exploitable through malicious RTPS messages.
Queuing Service could crash or leak sensitive information. An attacker could compromise Queuing Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
RTI_QueuingService_newpublic API containing malicious parameters.Queuing Service could crash or leak sensitive information. An attacker could compromise Queuing Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 7.3 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Queuing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-121
Associated Issue IDs
[ CVE Issue ID CVE-2024-25724 ]
[ RTI Issue ID QUEUEING-759 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.1Fixed in:
5.3.1.44,6.0.1.35
[Critical] Potential buffer overflow in Recording Service while parsing an XML document.
Potential buffer overflow in Recording Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to
rti::recording::Service()public API containing malicious parameters.Remotely exploitable through malicious RTPS messages.
Recording Service could crash or leak sensitive information. An attacker could compromise Recording Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
rti::recording::Service()public API constructor containing malicious parameters.Recording Service could crash or leak sensitive information. An attacker could compromise Recording Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 7.3 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Recording Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-121
Associated Issue IDs
[ CVE Issue ID CVE-2024-25724 ]
[ RTI Issue ID RECORD-1418 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.1Fixed in:
5.3.1.44,6.0.1.35
[Critical] Potential buffer overflow in Routing Service while parsing an XML document.
Potential buffer overflow in Routing Service while parsing an XML document.
User Impact without Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
RTI_RoutingService_newpublic API containing malicious parameters.Remotely exploitable through malicious RTPS messages.
Routing Service could crash or leak sensitive information. An attacker could compromise Routing Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 9.4 CRITICAL
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
User Impact with Security
Exploitable through a compromised local file system containing a malicious XML file.
Exploitable through a compromised call to the
RTI_RoutingService_newpublic API containing malicious parameters.Routing Service could crash or leak sensitive information. An attacker could compromise Routing Service integrity or execute malicious code with system privileges.
CVSS v3.1 Base Score: 7.3 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Mitigations
Use Security Plugins RTPS protection to prevent the Network Attack Vector, AND
Restrict permissions for writing to the configuration files Routing Service uses, to prevent the Local Attack Vector.
CWE Classification
CWE-121
Associated Issue IDs
[ CVE Issue ID CVE-2024-25724 ]
[ RTI Issue ID ROUTING-1092 ]
Affected RTI Connext Professional Releases
Introduced in:
5.3.1Fixed in:
5.3.1.44,6.0.1.35
Acknowledgments
Found by Philip Pettersson <ppettersson@zoox.com>
2023
CVE-2023-46219
[Critical] Potential deletion of HSTS data in Observability Collector Service when saving to an excessively long file name
Observability Collector Service had a third-party dependency on Curl 8.1.2, which is known to be affected by a number of publicly disclosed vulnerabilities. These vulnerabilities have been fixed by upgrading Curl to the latest stable version, 8.5.0.
User Impact without Security
This vulnerability affected Connext 7.2.0 applications using the Observability Collector Service, as follows:
When saving HSTS data to an excessively long file name, Curl could end up removing all contents.
Subsequent requests using that file were unaware of the HSTS status they should otherwise use.
CVSS v3.1 Base Score: 5.3 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
User Impact with Security
This vulnerability affected Connext 7.2.0 applications using the Observability Collector Service, as follows:
When saving HSTS data to an excessively long file name, Curl could end up removing all contents.
Subsequent requests using that file were unaware of the HSTS status they should otherwise use.
CVSS v3.1 Base Score: 5.3 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Mitigations
Ensure that name of the file where HSTS data will be saved isn’t close to the length limit imposed by the machine’s file system, or avoid using HSTS.
CWE Classification
CWE-641
Associated Issue IDs
[ CVE Issue ID CVE-2023-46219 ]
[ RTI Issue ID OCA-324 ]
Affected RTI Connext Professional Releases
Introduced in:
7.2.0Fixed in:
7.3.0
CVE-2023-38039
[Critical] Potential out-of-memory error in Observability Collector Service while parsing an endless series of headers
Observability Collector Service had a third-party dependency on Curl 8.1.2, which is known to be affected by a number of publicly disclosed vulnerabilities. These vulnerabilities have been fixed by upgrading Curl to the latest stable version, 8.5.0.
User Impact without Security
This vulnerability affected Connext 7.2.0 applications using Observability Collector Service, as follows:
Exploitable by streaming an endless series of headers to the application using Curl.
The application could run out of memory.
CVSS v3.1 Base Score: 7.5 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
User Impact with Security
This vulnerability affected Connext 7.2.0 applications using Observability Collector Service, as follows:
Exploitable by streaming an endless series of headers to the application using Curl.
The application could run out of memory.
CVSS v3.1 Base Score: 7.5 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Mitigations
Configure Observability Collector Service to send its data to trust-worthy servers.
CWE Classification
CWE-770
Associated Issue IDs
[ CVE Issue ID CVE-2023-38039 ]
[ RTI Issue ID OCA-303 ]
Affected RTI Connext Professional Releases
Introduced in:
7.2.0Fixed in:
7.3.0
2021
CVE-2021-38487
[Critical] Potential network amplification attack when receiving malicious data(p)
Potential network amplification attack when receiving malicious data(p).
This issue was originally filed as an issue in the OMG DDS RTPS specification (DDSIRTP26-6), where a modified RTPS participant announcement packet can trigger unwanted traffic, and potentially be used as part of a DoS attack. The OMG later refiled this issue as an OMG DDS Security specification issue under DDSSEC12-94. DDSSEC12-94 has been resolved in the most recent version of OMG DDS Security 1.2 specification.
User Impact without Security
Not applicable. This attack is out of the threat model for DDS systems not using Security Extensions.
User Impact with Security
Remotely exploitable.
Target nodes are forced to generate additional discovery traffic, potentially flooding the network.
CVSS v3.1 Base Score: 7.5 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Mitigations
Enable Security Plugins RTPS PSK Protection (7.3.0) or Participant Discovery Protection (6.1.0).
Associated Issue IDs
[ CVE Issue ID CVE-2021-38487 ]
[ RTI Issue IDs SEC-1446, SEC-1244 ]
Affected RTI Connext Professional Releases
Introduced in:
4.1xFixed in:
6.1.0
CVE-2021-38435
[Critical] Potential crash upon receiving a corrupted data(p)
Potential crash upon receiving a corrupted data(p).
User Impact without Security
Remotely exploitable.
Application crash. Potentially affecting confidentiality/integrity of Connext application.
CVSS v3.1 Base Score: 7.6 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
User Impact with Security
Remotely exploitable.
Application crash. Potentially affecting confidentiality/integrity of Connext application.
CVSS v3.1 Base Score: 7.6 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Mitigations
Protect access to the network Connext applications are running in.
CWE Classification
CWE-125
Associated Issue IDs
[ CVE Issue ID CVE-2021-38435 ]
[ RTI Issue ID CORE-11751 ]
Affected RTI Connext Professional Releases
Introduced in:
4.1xFixed in:
6.1.1,6.1.0.3,5.3.1.35,4.5d.rev41,5.2.3.36,4.5d.rev42,6.0.1.25,5.2.3.37,5.0.0.57,5.3.0.25
CVE-2021-38433
[Critical] Potential stack buffer overflow while parsing an XML document
Potential stack buffer overflow while parsing an XML document.
User Impact without Security
Remotely exploitable.
Application crash, remote code execution with Connext application privileges.
CVSS v3.1 Base Score: 7.6 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
User Impact with Security
Only exploitable from the same host where the Connext application is running.
CVSS v3.1 Base Score: 6.6 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Mitigations
Protect access to the network Connext applications are running in, or use Security Plugins RTPS protection.
Restrict permissions for writing to the configuration files your Connext application uses.
CWE Classification
CWE-121
Associated Issue IDs
[ CVE Issue ID CVE-2021-38433 ]
[ RTI Issue ID CORE-11750 ]
Affected RTI Connext Professional Releases
Introduced in:
4.5xFixed in:
7.0.0,6.1.1,6.1.0.3,5.3.1.35,4.5d.rev41,5.2.3.36,4.5d.rev42,6.0.1.25,5.2.3.37,5.0.0.57,5.3.0.25
CVE-2021-38427
[Critical] Potential stack buffer overflow while parsing an XML document
Potential stack buffer overflow while parsing an XML document.
User Impact without Security
Remotely exploitable.
Application crash, remote code execution with Connext application privileges.
CVSS v3.1 Base Score: 7.6 HIGH
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
User Impact with Security
Only exploitable from the same host where the Connext application is running.
CVSS v3.1 Base Score: 6.6 MEDIUM
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Mitigations
Protect access to the network Connext applications are running in, or use Security Plugins RTPS protection.
Restrict permissions for writing to the configuration files your Connext application uses.
CWE Classification
CWE-121
Associated Issue IDs
[ CVE Issue ID CVE-2021-38427 ]
[ RTI Issue ID CORE-11749 ]
Affected RTI Connext Professional Releases
Introduced in:
4.5xFixed in:
7.0.0,6.1.1,6.1.0.3,5.3.1.35,4.5d.rev41,5.2.3.36,4.5d.rev42,6.0.1.25,5.2.3.37,5.0.0.57,5.3.0.25