CVE-2024-30665

Name of the Vulnerable Software and Affected Versions ROS (Robot Operating System) Melodic Morenia versions 1

Description An OS command injection issue has been discovered, primarily affecting command processing and system call components. This makes them susceptible to manipulation by malicious entities, allowing unauthorized commands to be executed, which can lead to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts.

Recommendations For ROS (Robot Operating System) Melodic Morenia version 1, consider disabling the External Command Execution Modules, System Call Handlers, and Interface Scripts as a temporary workaround until a patch is available. Restrict access to these components to minimize the risk of exploitation. Avoid using the ROS VERSION and ROS PYTHON VERSION variables in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.