Impact
The vulnerability is an out‑of‑bounds read flaw in RTI Connext Micro’s core libraries that allows overreading of buffers, enabling an attacker to read data beyond the intended memory boundaries. This information disclosure could expose sensitive data stored adjacent to the overread buffer. The weakness is identified as CWE‑125.
Affected Systems
The affected product is RTI Connext Micro. All releases from 4.0.0 up to, but not including, 4.3.0, and from 2.4.5 up to but not including 2.4.* contain the vulnerable code. Deployments that have not applied the patch or upgraded to a newer release are potentially impacted.
Risk and Exploitability
The CVSS score of 8.8 signals high severity, but the EPSS score of less than 1% indicates a low likelihood of exploitation in the immediate future. Because it is not listed in CISA’s KEV catalog, no widespread exploitation has been observed. The available data does not detail specific attack conditions; the likely attack vector, inferred from the vulnerability’s nature, would involve the application possessing local or embedded access that can trigger the overread, while remote exploitation requires additional context that is not specified.
OpenCVE Enrichment