Vulnerability Description
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rti | Connext Professional | >= 5.3.0, < 5.3.1.44 |
Related Weaknesses (CWE)
References
- https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabiVendor Advisory
- https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabiVendor Advisory
FAQ
What is CVE-2024-25724?
CVE-2024-25724 is a vulnerability with a CVSS score of 7.3 (HIGH). In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to...
How severe is CVE-2024-25724?
CVE-2024-25724 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25724?
Check the references section above for vendor advisories and patch information. Affected products include: Rti Connext Professional.