PT-2019-13350 · Ros · Ros Comm

Danielwangksuo · Published 2019-12-30 · Updated 2020-08-24 · CVE-2019-13465

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ros_comm versions through 1.14.3

Description

An issue was discovered in the ROS communications-related packages. The problem lies in the remove() function in clients/roscpp/src/libros/spinner.cpp, where ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. If ROS_ASSERT_ENABLED is not defined, the iterator loop may run out of the scope of the array, potentially causing denial of service for other components that depend on the communication-related functions of this package.

Recommendations

For versions through 1.14.3, consider defining ROS_ASSERT_ENABLED to prevent the iterator loop from running out of scope and causing denial of service. As a temporary workaround, review the remove() function in clients/roscpp/src/libros/spinner.cpp to ensure it does not cause issues when ROS_ASSERT_ENABLED is not defined.
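
The assert-only guard pattern from the description, next to a form whose check survives every build. This is an added example, not code from roscpp or from this advisory; `DEMO_ASSERT`, `DEMO_ASSERT_ENABLED` and `QueueRegistry` are hypothetical names, and it uses a standard-library search rather than the project's own loop.

```cpp
#include <algorithm>
#include <cstdlib>
#include <vector>

// DEMO_ASSERT (hypothetical) mirrors the pattern in the description: it only
// checks when DEMO_ASSERT_ENABLED (hypothetical flag) is defined at build time.
#ifdef DEMO_ASSERT_ENABLED
#define DEMO_ASSERT(cond) do { if (!(cond)) std::abort(); } while (0)
#else
#define DEMO_ASSERT(cond) do { } while (0)
#endif

struct QueueRegistry {            // hypothetical container of registered ids
    std::vector<int> ids;

    // Assert-only guard: with the flag undefined the check vanishes, so a
    // missing id leaves `it` at end() and erase(end()) is undefined behaviour.
    void remove_assert_only(int id) {
        std::vector<int>::iterator it = std::find(ids.begin(), ids.end(), id);
        DEMO_ASSERT(it != ids.end());
        ids.erase(it);
    }

    // Hardened form: the bounds check is ordinary code, present in every build.
    bool remove_checked(int id) {
        std::vector<int>::iterator it = std::find(ids.begin(), ids.end(), id);
        if (it == ids.end())
            return false;         // unknown id is reported, nothing is erased
        ids.erase(it);
        return true;
    }
};

int main() {
    QueueRegistry r;
    r.ids.push_back(1);
    r.ids.push_back(2);
    r.ids.push_back(3);
    r.remove_assert_only(2);               // safe only because 2 is present
    bool removed = r.remove_checked(42);   // missing id: rejected, no erase
    return (!removed && r.ids.size() == 2) ? 0 : 1;
}
```

Defining the flag turns the first form's failure into an abort, which is still a crash of the process; the second form keeps running and lets the caller handle the error.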

Fix


Related Identifiers

CVE-2019-13465

Affected Products

Ros Comm