CVE-2024-52064
Last modified
CVE-2024-52064 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rti | Connext Professional | >= 4.4, < 5.3.1.45 |
| Rti | Connext Professional | >= 6.0.0, < 6.0.1.40 |
| Rti | Connext Professional | >= 6.1.0, < 6.1.2.21 |
| Rti | Connext Professional | >= 7.0.0, < 7.3.0.2 |
References
- https://www.rti.com/vulnerabilities/#cve-2024-52064Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-52064?
How severe is CVE-2024-52064?
How do I fix CVE-2024-52064?
Are you affected by CVE-2024-52064?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST