cvelistv5 - cve-2024-52061

CVE-2024-52061 (GCVE-0-2024-52061)

Vulnerability from cvelistv5 – Published: 2024-12-13 10:20 – Updated: 2025-02-07 21:48

Summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.

Severity ?

8.3 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

RTI

References

URL

Tags

https://www.rti.com/vulnerabilities/#cve-2024-52061

Impacted products

	Vendor	Product	Version
	RTI	Connext Professional	Affected: 7.4.0 , < 7.5.0 (custom) Affected: 7.0.0 , < 7.3.0.5 (custom) Affected: 6.1.0 , < 6.1.2.21 (custom) Affected: 6.0.0 , < 6.0.1.40 (custom) Affected: 5.0.0 , < 5.3.1.45 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52061",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-23T20:02:30.481034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-23T20:02:44.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Core Libraries",
            "Queuing Service",
            "Recording Service",
            "Routing Service"
          ],
          "product": "Connext Professional",
          "vendor": "RTI",
          "versions": [
            {
              "lessThan": "7.5.0",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.2.21",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.1.40",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.1.45",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.5.0",
                  "versionStartIncluding": "7.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.3.0.5",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2.21",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.1.40",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.3.1.45",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                }
              ],
              "negated": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-12-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\u003c/p\u003e"
            }
          ],
          "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-46",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-46 Overflow Variables and Tags"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-07T21:48:42.491Z",
        "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "shortName": "RTI"
      },
      "references": [
        {
          "url": "https://www.rti.com/vulnerabilities/#cve-2024-52061"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Potential stack buffer overflow when parsing an XML type",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
    "assignerShortName": "RTI",
    "cveId": "CVE-2024-52061",
    "datePublished": "2024-12-13T10:20:13.392Z",
    "dateReserved": "2024-11-05T19:04:16.675Z",
    "dateUpdated": "2025-02-07T21:48:42.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de copia de b\\u00fafer sin comprobar el tama\\u00f1o de la entrada (\u0027desbordamiento de b\\u00fafer cl\\u00e1sico\u0027) en RTI Connext Professional (librer\\u00edas principales, servicio de cola, servicio de grabaci\\u00f3n, servicio de enrutamiento) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde la versi\\u00f3n 7.4.0 hasta la 7.5.0, desde la versi\\u00f3n 7.0.0 hasta la 7.3.0.5, desde la versi\\u00f3n 6.1.0 hasta la 6.1.2.21, desde la versi\\u00f3n 6.0.0 hasta la 6.0.1.40, desde la versi\\u00f3n 5.0.0 hasta la 5.3.1.45.\"}]",
      "id": "CVE-2024-52061",
      "lastModified": "2024-12-13T11:15:08.457",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
      "published": "2024-12-13T11:15:08.457",
      "references": "[{\"url\": \"https://www.rti.com/vulnerabilities/#cve-2024-52061\", \"source\": \"3f572a00-62e2-4423-959a-7ea25eff1638\"}]",
      "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-52061\",\"sourceIdentifier\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"published\":\"2024-12-13T11:15:08.457\",\"lastModified\":\"2025-10-02T13:38:37.063\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (librer\u00edas principales, servicio de cola, servicio de grabaci\u00f3n, servicio de enrutamiento) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.4.0 hasta la 7.5.0, desde la versi\u00f3n 7.0.0 hasta la 7.3.0.5, desde la versi\u00f3n 6.1.0 hasta la 6.1.2.21, desde la versi\u00f3n 6.0.0 hasta la 6.0.1.40, desde la versi\u00f3n 5.0.0 hasta la 5.3.1.45.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.3.1.45\",\"matchCriteriaId\":\"4662FA7C-56A5-4491-A359-DF62550A9231\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.1.40\",\"matchCriteriaId\":\"E8FE0AD3-A12C-4A7F-BE66-725B7B941176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.2.21\",\"matchCriteriaId\":\"2F6B4325-F208-482A-B0FF-56FD3DEFB35A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.3.0.5\",\"matchCriteriaId\":\"73826C13-CDA4-453A-AE9A-B94AF1A9F63E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.5.0\",\"matchCriteriaId\":\"0A042A71-7A6A-41BB-A5B2-C07C5206D2E3\"}]}]}],\"references\":[{\"url\":\"https://www.rti.com/vulnerabilities/#cve-2024-52061\",\"source\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"tags\":[\"Vendor Advisory\",\"Mitigation\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52061\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-23T20:02:30.481034Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-23T20:02:40.565Z\"}}], \"cna\": {\"title\": \"Potential stack buffer overflow when parsing an XML type\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-46\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-46 Overflow Variables and Tags\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"RTI\", \"modules\": [\"Core Libraries\", \"Queuing Service\", \"Recording Service\", \"Routing Service\"], \"product\": \"Connext Professional\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"lessThan\": \"7.5.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.3.0.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.2.21\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.1.40\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"lessThan\": \"5.3.1.45\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-12-12T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.rti.com/vulnerabilities/#cve-2024-52061\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negated\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.5.0\", \"versionStartIncluding\": \"7.4.0\"}, {\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.3.0.5\", \"versionStartIncluding\": \"7.0.0\"}, {\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.2.21\", \"versionStartIncluding\": \"6.1.0\"}, {\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0.1.40\", \"versionStartIncluding\": \"6.0.0\"}, {\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.3.1.45\", \"versionStartIncluding\": \"5.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"shortName\": \"RTI\", \"dateUpdated\": \"2025-02-07T21:48:42.491Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-52061\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T21:48:42.491Z\", \"dateReserved\": \"2024-11-05T19:04:16.675Z\", \"assignerOrgId\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"datePublished\": \"2024-12-13T10:20:13.392Z\", \"assignerShortName\": \"RTI\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-52061

Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:38

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	3f572a00-62e2-4423-959a-7ea25eff1638	https://www.rti.com/vulnerabilities/#cve-2024-52061	Vendor Advisory, Mitigation

Impacted products

Vendor	Product	Version
rti	connext_professional	*
rti	connext_professional	*
rti	connext_professional	*
rti	connext_professional	*
rti	connext_professional	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4662FA7C-56A5-4491-A359-DF62550A9231",
              "versionEndExcluding": "5.3.1.45",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
              "versionEndExcluding": "6.0.1.40",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
              "versionEndExcluding": "6.1.2.21",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73826C13-CDA4-453A-AE9A-B94AF1A9F63E",
              "versionEndExcluding": "7.3.0.5",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A042A71-7A6A-41BB-A5B2-C07C5206D2E3",
              "versionEndExcluding": "7.5.0",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (librer\u00edas principales, servicio de cola, servicio de grabaci\u00f3n, servicio de enrutamiento) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.4.0 hasta la 7.5.0, desde la versi\u00f3n 7.0.0 hasta la 7.3.0.5, desde la versi\u00f3n 6.1.0 hasta la 6.1.2.21, desde la versi\u00f3n 6.0.0 hasta la 6.0.1.40, desde la versi\u00f3n 5.0.0 hasta la 5.3.1.45."
    }
  ],
  "id": "CVE-2024-52061",
  "lastModified": "2025-10-02T13:38:37.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-13T11:15:08.457",
  "references": [
    {
      "source": "3f572a00-62e2-4423-959a-7ea25eff1638",
      "tags": [
        "Vendor Advisory",
        "Mitigation"
      ],
      "url": "https://www.rti.com/vulnerabilities/#cve-2024-52061"
    }
  ],
  "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "3f572a00-62e2-4423-959a-7ea25eff1638",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8CVV-3P2P-XX9W

Vulnerability from github – Published: 2024-12-13 12:31 – Updated: 2025-10-02 15:31

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-52061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-13T11:15:08Z",
    "severity": "HIGH"
  },
  "details": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.",
  "id": "GHSA-8cvv-3p2p-xx9w",
  "modified": "2025-10-02T15:31:12Z",
  "published": "2024-12-13T12:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52061"
    },
    {
      "type": "WEB",
      "url": "https://www.rti.com/vulnerabilities/#cve-2024-52061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-52061 (GCVE-0-2024-52061)

FKIE_CVE-2024-52061

GHSA-8CVV-3P2P-XX9W

Tags

Sightings

Nomenclature