PT-2024-23564 · Ros2 · Ros2
Published 2024-04-08 · Updated 2024-05-27 · CVE-2024-30681
Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3
Description
An OS command injection issue has been discovered, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2.
Recommendations
For ROS2 Iron Irwini version ROS_VERSION 2, update the command processing component to prevent arbitrary code execution.
For ROS2 Iron Irwini version ROS_PYTHON_VERSION 3, restrict system call components to minimize the risk of privilege escalation.
As a temporary workaround, consider disabling the command processing or system call components in ROS2 until a patch is available.
Related Identifiers
Affected Products
Ros2