CVE-2024-29452

Name of the Vulnerable Software and Affected Versions ROS2 Humble Hawksbill versions 2 and 3

Description An insecure deserialization vulnerability has been identified, allowing attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces.

Recommendations For ROS2 Humble Hawksbill versions 2 and 3, consider disabling the deserialization functionality in the Data Serialization and Deserialization Components as a temporary workaround until a patch is available. Restrict access to the Inter-Process Communication Mechanisms and Network Communication Interfaces to minimize the risk of exploitation.