CVE-2024-25198

Name of the Vulnerable Software and Affected Versions Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions

Description The issue arises from an inappropriate pointer order of laser scan filter .reset() and tf listener .reset() in the amcl node.cpp file, leading to a use-after-free condition.

Recommendations For Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions, consider reordering the pointer reset operations to prevent the use-after-free condition, specifically ensuring that tf listener .reset() is called before laser scan filter .reset(). At the moment, there is no information about a newer version that contains a fix for this vulnerability.