PT-2024-23568 · Ros2 · Ros2
Published
2024-04-08
·
Updated
2024-05-27
·
CVE-2024-30687
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3
Description
An insecure deserialization issue allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces.
Recommendations
For ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3, consider disabling the deserialization functionality in the Data Serialization and Deserialization Components until a patch is available.
Restrict access to the Inter-Process Communication Mechanisms and Network Communication Interfaces to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ros2