Description
Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0, from 2.4.5 before 2.4.*.
Published: 2026-06-17
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read flaw in RTI Connext Micro’s core libraries that allows overreading of buffers, enabling an attacker to read data beyond the intended memory boundaries. This information disclosure could expose sensitive data stored adjacent to the overread buffer. The weakness is identified as CWE‑125.

Affected Systems

The affected product is RTI Connext Micro. All releases from 4.0.0 up to, but not including, 4.3.0, and from 2.4.5 up to but not including 2.4.* contain the vulnerable code. Deployments that have not applied the patch or upgraded to a newer release are potentially impacted.

Risk and Exploitability

The CVSS score of 8.8 signals high severity, but the EPSS score of less than 1% indicates a low likelihood of exploitation in the immediate future. Because it is not listed in CISA’s KEV catalog, no widespread exploitation has been observed. The available data does not detail specific attack conditions; the likely attack vector, inferred from the vulnerability’s nature, would involve the application possessing local or embedded access that can trigger the overread, while remote exploitation requires additional context that is not specified.

Generated by OpenCVE AI on June 25, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to RTI Connext Micro version 4.3.0 or later, which contains the fixed core library code.
  • If an upgrade cannot be performed immediately, review all custom code paths that access the vulnerable buffer and add explicit bounds checks to prevent reads beyond the buffer’s limits.
  • Apply operating‑system or application‑level memory protection mechanisms, such as address space layout randomization and stack protection, to reduce the visibility of any memory that is over‑read at runtime.

Generated by OpenCVE AI on June 25, 2026 at 18:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0. Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0, from 2.4.5 before 2.4.*.

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0.
Title Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.
First Time appeared Rti
Rti connext Micro
Weaknesses CWE-125
CPEs cpe:2.3:a:rti:connext_micro:*:*:*:*:*:*:*:*
Vendors & Products Rti
Rti connext Micro
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Rti Connext Micro
cve-icon MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-25T15:47:30.768Z

Reserved: 2026-03-05T14:43:37.192Z

Link: CVE-2026-30802

cve-icon Vulnrichment

Updated: 2026-06-17T17:58:38.260Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T18:30:14Z

Weaknesses