CVE-2024-52060: Potential stack overflow when using XML configuration file referencing environment variables
First published: Fri Dec 13 2024(Updated: )
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.
Credit: 3f572a00-62e2-4423-959a-7ea25eff1638
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RTI Connext DDS Professional | >=7.0.0<7.3.0.5 | |
| RTI Connext DDS Professional | >=6.1.0<6.1.2.21 | |
| RTI Connext DDS Professional | >=6.0.0<=6.0.* | |
| RTI Connext DDS Professional | >=5.3.0<5.3.1.45 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/rti
- canonical/rti connext dds professional