PT-2019-13336 · Ros · Ros Comm

Cwecht · Published 2019-12-30 · Updated 2020-01-09 · CVE-2019-13445

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ros comm versions through 1.14.3

Description

An issue was discovered in the ROS communications-related packages where the parseOptions() function in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.

Recommendations

For versions through 1.14.3, consider updating to a version that fixes the integer overflow issue in the parseOptions() function. As a temporary workaround, restrict the use of the split option on the command line to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2019-13445

Affected Products

Ros Comm