RTI Connext Professional
cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*
- >= 7.4.0, < 7.7.0
- >= 7.0.0, < 7.3.1.1
- >= 6.1.0, < 6.1.*
- >= 6.0.0, < 6.0.*
- >= 5.3.0, < 5.3.*
- >= 4.3, < 5.2.*
A buffer over-read vulnerability has been identified in RTI Connext Professional Core Libraries. This vulnerability allows for unauthorized reading of heap memory when the application parses XML types, potentially leading to information leakage or application crashes. The issue affects multiple versions of RTI Connext Professional, including versions 4.3x prior to 5.2.*, 5.3.0 prior to 5.3.*, 6.0.0 prior to 6.0.*, 6.1.0 prior to 6.1.*, 7.0.0 prior to 7.3.1.1, and 7.4.0 prior to 7.7.0.
Exploitation of this vulnerability causes a heap buffer over-read of one byte, leading to a minor confidentiality breach and a low likelihood of crashing the application.
The vulnerability can be reproduced by sending malicious RTPS messages that include harmful XML data, or by using a compromised local file system to introduce a malicious XML file. This can be done during the application's startup process.
Users can upgrade to RTI Connext Professional version 7.3.1.2 or 7.7.0, both of which include the necessary fix. For versions 6.1.2.29 or earlier, a patch is available upon request.