PT-2023-15617 · Ros · Tf Remapper Node

Published: 2023-01-04 · Updated: 2024-08-03 · CVE-2022-48217

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

tf remapper node component version 1.1.1 for Robot Operating System (ROS)

Description

The issue allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old tf topic name and/or new tf topic name parameter. The vendor's position is that it is the responsibility of the programmer to ensure only known and required parameters are set and unexpected parameters are not.

Recommendations

For tf remapper node component version 1.1.1, as a temporary workaround, consider restricting the use of the old tf topic name and new tf topic name parameters until a patch is available. Ensure that only known and required parameters are set and unexpected parameters are not, following the vendor's guidance on secure programming practices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
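
One way to check that only known and required parameters are set, as an added example that is not part of the advisory or the vendor's code: it audits a parameter snapshot against an allowlist for the remapper node. The underscore parameter spellings, the node name `tf_remapper`, the expected values and the sample snapshot are assumptions constructed for illustration.

```python
# Added example: audit a ROS 1 parameter snapshot for the tf remapper node.
# Assumptions (not from the advisory): the underscore parameter spellings,
# the node name "tf_remapper", and the expected values are constructed.
EXPECTED = {
    "/tf_remapper/old_tf_topic_name": "/tf_old",
    "/tf_remapper/new_tf_topic_name": "/tf",
}
NODE_NS = "/tf_remapper/"


def flatten(tree, prefix=""):
    """Turn a nested parameter dict into {"/ns/name": value}."""
    flat = {}
    for key, value in tree.items():
        name = f"{prefix}/{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        else:
            flat[name] = value
    return flat


def audit(snapshot, expected=EXPECTED, node_ns=NODE_NS):
    """Return (kind, name, value) findings for the node's private parameters."""
    params = flatten(snapshot)
    findings = []
    for name in sorted(params):
        if not name.startswith(node_ns):
            continue  # other nodes' parameters are out of scope here
        if name not in expected:
            findings.append(("unexpected", name, params[name]))
        elif params[name] != expected[name]:
            findings.append(("changed", name, params[name]))
    # A pinned parameter that is absent means the node falls back to defaults.
    findings += [("missing", n, None) for n in sorted(expected) if n not in params]
    return findings


# Constructed snapshot, shaped like a nested parameter dump.
SNAPSHOT = {
    "tf_remapper": {
        "old_tf_topic_name": "/tf_old",
        "new_tf_topic_name": "/unexpected_topic",
        "extra_param": 1,
    },
    "other_node": {"rate": 10},
}

if __name__ == "__main__":
    for finding in audit(SNAPSHOT):
        print(finding)
```

Running the audit before the node starts and again while it runs surfaces parameters that another node set in between.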

Related Identifiers: CVE-2022-48217

Affected Products: Tf Remapper Node