{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-52061","assignerOrgId":"3f572a00-62e2-4423-959a-7ea25eff1638","state":"PUBLISHED","assignerShortName":"RTI","dateReserved":"2024-11-05T19:04:16.675Z","datePublished":"2024-12-13T10:20:13.392Z","dateUpdated":"2025-02-07T21:48:42.491Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Core Libraries","Queuing Service","Recording Service","Routing Service"],"product":"Connext Professional","vendor":"RTI","versions":[{"lessThan":"7.5.0","status":"affected","version":"7.4.0","versionType":"custom"},{"lessThan":"7.3.0.5","status":"affected","version":"7.0.0","versionType":"custom"},{"lessThan":"6.1.2.21","status":"affected","version":"6.1.0","versionType":"custom"},{"lessThan":"6.0.1.40","status":"affected","version":"6.0.0","versionType":"custom"},{"lessThan":"5.3.1.45","status":"affected","version":"5.0.0","versionType":"custom"}]}],"datePublic":"2024-12-12T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.<p>This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.</p>"}],"value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."}],"impacts":[{"capecId":"CAPEC-46","descriptions":[{"lang":"en","value":"CAPEC-46 Overflow Variables and Tags"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":8.3,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-120","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"3f572a00-62e2-4423-959a-7ea25eff1638","shortName":"RTI","dateUpdated":"2025-02-07T21:48:42.491Z"},"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2024-52061"}],"source":{"discovery":"UNKNOWN"},"title":"Potential stack buffer overflow when parsing an XML type","x_generator":{"engine":"Vulnogram 0.2.0"},"cpeApplicability":[{"nodes":[{"operator":"OR","negated":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.5.0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.3.0.5"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.2.21"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.1.40"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.3.1.45"}]}]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-23T20:02:30.481034Z","id":"CVE-2024-52061","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-23T20:02:44.507Z"}}]}}