cvelistv5 - cve-2024-52065

CVE-2024-52065 (GCVE-0-2024-52065)

Vulnerability from cvelistv5 – Published: 2024-12-13 10:22 – Updated: 2025-02-07 21:49

Summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

RTI

References

URL

Tags

https://www.rti.com/vulnerabilities/#cve-2024-52065

Impacted products

	Vendor	Product	Version
	RTI	Connext Professional	Affected: 7.0.0 , < 7.3.0.2 (custom) Affected: 6.1.1.2 , < 6.1.2.21 (custom) Affected: 5.3.1.40 , < 5.3.1.41 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-16T18:15:10.198168Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-16T18:15:14.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Persistence Service"
          ],
          "platforms": [
            "non-Windows"
          ],
          "product": "Connext Professional",
          "vendor": "RTI",
          "versions": [
            {
              "lessThan": "7.3.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.2.21",
              "status": "affected",
              "version": "6.1.1.2",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.1.41",
              "status": "affected",
              "version": "5.3.1.40",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.3.0.2",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2.21",
                  "versionStartIncluding": "6.1.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.3.1.41",
                  "versionStartIncluding": "5.3.1.40",
                  "vulnerable": true
                }
              ],
              "negated": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-12-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.\u003c/p\u003e"
            }
          ],
          "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-10",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-10 Buffer Overflow via Environment Variables"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-07T21:49:18.883Z",
        "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "shortName": "RTI"
      },
      "references": [
        {
          "url": "https://www.rti.com/vulnerabilities/#cve-2024-52065"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
    "assignerShortName": "RTI",
    "cveId": "CVE-2024-52065",
    "datePublished": "2024-12-13T10:22:34.728Z",
    "dateReserved": "2024-11-05T19:04:16.676Z",
    "dateUpdated": "2025-02-07T21:49:18.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de copia de b\\u00fafer sin comprobar el tama\\u00f1o de la entrada (\u0027desbordamiento de b\\u00fafer cl\\u00e1sico\u0027) en RTI Connext Professional en sistemas que no son Windows (servicio de persistencia) permite un desbordamiento de b\\u00fafer a trav\\u00e9s de variables de entorno. Este problema afecta a Connext Professional: desde la versi\\u00f3n 7.0.0 hasta la 7.3.0.2, desde la versi\\u00f3n 6.1.1.2 hasta la 6.1.2.21, desde la versi\\u00f3n 5.3.1.40 hasta la 5.3.1.41.\"}]",
      "id": "CVE-2024-52065",
      "lastModified": "2024-12-13T11:15:09.153",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"LOW\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
      "published": "2024-12-13T11:15:09.153",
      "references": "[{\"url\": \"https://www.rti.com/vulnerabilities/#cve-2024-52065\", \"source\": \"3f572a00-62e2-4423-959a-7ea25eff1638\"}]",
      "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-52065\",\"sourceIdentifier\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"published\":\"2024-12-13T11:15:09.153\",\"lastModified\":\"2025-10-02T13:50:46.517\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional en sistemas que no son Windows (servicio de persistencia) permite un desbordamiento de b\u00fafer a trav\u00e9s de variables de entorno. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.0.0 hasta la 7.3.0.2, desde la versi\u00f3n 6.1.1.2 hasta la 6.1.2.21, desde la versi\u00f3n 5.3.1.40 hasta la 5.3.1.41.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.1.2\",\"versionEndExcluding\":\"6.1.2.21\",\"matchCriteriaId\":\"E65F0020-14AC-4966-AAF2-97A73FF72FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.3.0.2\",\"matchCriteriaId\":\"F3ED9A74-6AA2-45B2-8473-9B7FF2882C55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rti:connext_professional:5.3.1.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C73C9B5-FE5C-483E-8FD2-A18E6A318CC6\"}]}]}],\"references\":[{\"url\":\"https://www.rti.com/vulnerabilities/#cve-2024-52065\",\"source\":\"3f572a00-62e2-4423-959a-7ea25eff1638\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52065\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-16T18:15:10.198168Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-16T18:15:07.026Z\"}}], \"cna\": {\"title\": \"Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-10\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-10 Buffer Overflow via Environment Variables\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"RTI\", \"modules\": [\"Persistence Service\"], \"product\": \"Connext Professional\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.3.0.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.1.2\", \"lessThan\": \"6.1.2.21\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.3.1.40\", \"lessThan\": \"5.3.1.41\", \"versionType\": \"custom\"}], \"platforms\": [\"non-Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-12-12T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.rti.com/vulnerabilities/#cve-2024-52065\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.\u003cp\u003eThis issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negated\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.3.0.2\", \"versionStartIncluding\": \"7.0.0\"}, {\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.2.21\", \"versionStartIncluding\": \"6.1.1.2\"}, {\"criteria\": \"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.3.1.41\", \"versionStartIncluding\": \"5.3.1.40\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"shortName\": \"RTI\", \"dateUpdated\": \"2025-02-07T21:49:18.883Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-52065\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T21:49:18.883Z\", \"dateReserved\": \"2024-11-05T19:04:16.676Z\", \"assignerOrgId\": \"3f572a00-62e2-4423-959a-7ea25eff1638\", \"datePublished\": \"2024-12-13T10:22:34.728Z\", \"assignerShortName\": \"RTI\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2M3M-XV57-XRMM

Vulnerability from github – Published: 2024-12-13 12:31 – Updated: 2025-10-02 15:31

Details

Severity ?

7.1 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

6.9 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-52065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-13T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.",
  "id": "GHSA-2m3m-xv57-xrmm",
  "modified": "2025-10-02T15:31:12Z",
  "published": "2024-12-13T12:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52065"
    },
    {
      "type": "WEB",
      "url": "https://www.rti.com/vulnerabilities/#cve-2024-52065"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2024-52065

Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:50

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Summary

References

	URL	Tags
	3f572a00-62e2-4423-959a-7ea25eff1638	https://www.rti.com/vulnerabilities/#cve-2024-52065	Vendor Advisory

Impacted products

Vendor	Product	Version
rti	connext_professional	*
rti	connext_professional	*
rti	connext_professional	5.3.1.40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65F0020-14AC-4966-AAF2-97A73FF72FF4",
              "versionEndExcluding": "6.1.2.21",
              "versionStartIncluding": "6.1.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3ED9A74-6AA2-45B2-8473-9B7FF2882C55",
              "versionEndExcluding": "7.3.0.2",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rti:connext_professional:5.3.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C73C9B5-FE5C-483E-8FD2-A18E6A318CC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional en sistemas que no son Windows (servicio de persistencia) permite un desbordamiento de b\u00fafer a trav\u00e9s de variables de entorno. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.0.0 hasta la 7.3.0.2, desde la versi\u00f3n 6.1.1.2 hasta la 6.1.2.21, desde la versi\u00f3n 5.3.1.40 hasta la 5.3.1.41."
    }
  ],
  "id": "CVE-2024-52065",
  "lastModified": "2025-10-02T13:50:46.517",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-13T11:15:09.153",
  "references": [
    {
      "source": "3f572a00-62e2-4423-959a-7ea25eff1638",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.rti.com/vulnerabilities/#cve-2024-52065"
    }
  ],
  "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "3f572a00-62e2-4423-959a-7ea25eff1638",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-52065 (GCVE-0-2024-52065)

GHSA-2M3M-XV57-XRMM

FKIE_CVE-2024-52065

Tags

Sightings

Nomenclature