9.8
CVE-2021-38435
- EPSS 1.36%
- Veröffentlicht 05.05.2022 17:15:09
- Zuletzt bearbeitet 05.02.2025 13:26:20
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginRTI Connext DDS Professional and Connext DDS Secure Incorrect Calculation of Buffer Size
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rti ≫ Connext Professional Version >= 4.2 < 6.1.0
Rti ≫ Connext Secure Version >= 4.2 < 6.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.68 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 6.6 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-131 Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F