RTI Connext Professional Heap-Based Buffer Overflow Vulnerability in Core Libraries

Vulnerability

A heap-based buffer overflow vulnerability has been identified in RTI Connext Professional Core Libraries. This vulnerability allows for heap memory corruption by overwriting variables and tags. It affects multiple versions of Connext Professional, including versions from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, and from 4.4d before 5.2.*.

Impact

Exploitation of this vulnerability overflows a heap buffer and corrupts memory. This could potentially be used to execute arbitrary code or to cause a crash, disrupting the application using RTI Connext.

Reproduction

The vulnerability can be reproduced by loading a malicious license file into an application that uses RTI Connext Professional. This can be done by overwriting the existing license file on the file system with a crafted version that exploits the buffer overflow vulnerability. Once the application is run, the malicious license file will be parsed, triggering the heap-based buffer overflow.

Remediation

Users can protect access to the file system where RTI Connext applications are running, or use the 'data:,' prefix to specify the 'dds.sec.auth.identity_certificate' property value. Additionally, for versions 7.3.0 and later, enabling the Security Plugins RTPS PSK Protection can mitigate the vulnerability.
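The file-system mitigation above can be checked with a small audit. The following is an added example, not RTI code: it reports every place along the path to a license file where an account other than the owner could modify or replace it. The function name `weak_spots`, the `license.dat` sample file and the trusted-owner set (root plus the current user) are assumptions, and it targets POSIX systems.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path


def weak_spots(target, trusted_uids=None, stop_at=None):
    """Return (path, reason) pairs for the file and every ancestor directory
    that an account outside trusted_uids could modify or replace."""
    trusted = {0, os.getuid()} if trusted_uids is None else set(trusted_uids)
    target = Path(target).resolve(strict=True)  # audit the real file, not a symlink
    stop = Path(stop_at).resolve() if stop_at else None
    findings = []
    for p in (target, *target.parents):
        st = p.stat()
        is_dir = stat.S_ISDIR(st.st_mode)
        # The sticky bit stops non-owners from renaming or deleting entries,
        # so a writable sticky directory does not let them swap the file.
        sticky = is_dir and bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in trusted:
            findings.append((str(p), f"owned by untrusted uid {st.st_uid}"))
        if st.st_mode & stat.S_IWGRP and not sticky:
            findings.append((str(p), "group-writable"))
        if st.st_mode & stat.S_IWOTH and not sticky:
            findings.append((str(p), "world-writable"))
        if p == stop:
            break
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        paths = sys.argv[1:]
    else:
        # Constructed sample: a world-writable stand-in for a license file.
        demo = Path(tempfile.mkdtemp()) / "license.dat"
        demo.touch()
        demo.chmod(0o666)
        paths = [str(demo)]
    bad = [f for p in paths for f in weak_spots(p)]
    for path, reason in bad:
        print(f"WEAK  {path}: {reason}")
    sys.exit(1 if bad else 0)
```

Only POSIX mode bits and ownership are inspected; ACLs and mount options are not.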

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 10.0
exploitability: 7.3
remediation: 8.3
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.