CVE-2024-52065

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rti.com/vulnerabilities/#cve-2024-52065	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rti:connext_professional::::::::
	cpe:2.3:a:rti:connext_professional::::::::
	cpe:2.3:a:rti:connext_professional:5.3.1.40:::::::*

History

No history.

Information

Published : 2024-12-13 11:15

Updated : 2025-10-02 13:50

NVD link : CVE-2024-52065

Mitre link : CVE-2024-52065

CVE.ORG link : CVE-2024-52065

JSON object : View

Products Affected

rti

connext_professional

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-52065", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "3f572a00-62e2-4423-959a-7ea25eff1638", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-13T11:15:09.153", "references": [{"url": "https://www.rti.com/vulnerabilities/#cve-2024-52065", "tags": ["Vendor Advisory"], "source": "3f572a00-62e2-4423-959a-7ea25eff1638"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "3f572a00-62e2-4423-959a-7ea25eff1638", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41."}, {"lang": "es", "value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada ('desbordamiento de b\u00fafer cl\u00e1sico') en RTI Connext Professional en sistemas que no son Windows (servicio de persistencia) permite un desbordamiento de b\u00fafer a trav\u00e9s de variables de entorno. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.0.0 hasta la 7.3.0.2, desde la versi\u00f3n 6.1.1.2 hasta la 6.1.2.21, desde la versi\u00f3n 5.3.1.40 hasta la 5.3.1.41."}], "lastModified": "2025-10-02T13:50:46.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E65F0020-14AC-4966-AAF2-97A73FF72FF4", "versionEndExcluding": "6.1.2.21", "versionStartIncluding": "6.1.1.2"}, {"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3ED9A74-6AA2-45B2-8473-9B7FF2882C55", "versionEndExcluding": "7.3.0.2", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:rti:connext_professional:5.3.1.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C73C9B5-FE5C-483E-8FD2-A18E6A318CC6"}], "operator": "OR"}]}], "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638"}