RTI Connext Professional Out-of-Bounds Read and Write Vulnerability in Recording Service

Vulnerability

A vulnerability allowing out-of-bounds read and write operations has been identified in RTI Connext Professional's Recording Service. This issue can lead to buffer overflows and overreads. Affected Connext Professional versions are 7.4.0 up to but not including 7.5.0, 7.0.0 up to but not including 7.3.0.7, 6.1.0 up to but not including 6.1.2.23, and 6.0.0 up to but not including 6.0.1.42.
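A quick way to triage an inventory against these ranges, as an added example that is not part of the original advisory or RTI's tooling. The host names and installed versions are constructed sample data, and the upper bound of each range is assumed to be the first unaffected version on that branch.

```python
# (first affected, first version outside the range) per branch, from the advisory.
AFFECTED_RANGES = [
    ("7.4.0", "7.5.0"),
    ("7.0.0", "7.3.0.7"),
    ("6.1.0", "6.1.2.23"),
    ("6.0.0", "6.0.1.42"),
]

def parse_version(text):
    """Turn '7.3.0.7' into (7, 3, 0, 7); shorter versions are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def fixed_version_for(installed):
    """Return the range's upper bound if `installed` is affected, else None."""
    v = parse_version(installed)
    for start, fixed in AFFECTED_RANGES:
        if parse_version(start) <= v < parse_version(fixed):
            return fixed
    return None

def triage(inventory):
    """Map each affected host to (installed version, version to reach)."""
    findings = {}
    for host, installed in inventory.items():
        fixed = fixed_version_for(installed)
        if fixed is not None:
            findings[host] = (installed, fixed)
    return findings

# Constructed inventory: host name -> installed Connext Professional version.
SAMPLE_INVENTORY = {
    "recorder-01": "7.3.0.5",   # inside 7.0.0 .. 7.3.0.7
    "recorder-02": "7.3.0.7",   # exactly the upper bound, not affected
    "recorder-03": "6.1.2",     # same as 6.1.2.0, inside 6.1.0 .. 6.1.2.23
    "recorder-04": "7.5.0",     # not affected
    "recorder-05": "6.0.1.41",  # one build below the upper bound
}

if __name__ == "__main__":
    for host, (installed, fixed) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {installed} is affected, move to {fixed} or later")
```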

Impact

Exploitation of this vulnerability could cause memory corruption, leading to data corruption or application crashes. It is exploitable only under certain conditions, such as when an attacker wins a race condition or when the rollover feature is set to change files based on size. In those cases, exploitation may be possible through a compromised local file system or by publishing data over the network.

Remediation

To mitigate this vulnerability, protect access to the local file system where Recording Service stores data, and use Security for topics accepted by Recording Service.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.9
exploitability: 4.5
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.