cve/2024/CVE-2024-52060.md

### [CVE-2024-52060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52060)
![](https://img.shields.io/static/v1?label=Product&message=Connext%20Professional&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.3.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brightgreen)

### Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds