CVE-2024-30704

Name of the Vulnerable Software and Affected Versions ROS2 Galactic Geochelone versions 2

Description An insecure deserialization vulnerability has been identified, allowing attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces.

Recommendations For ROS2 Galactic Geochelone version 2, consider disabling the deserialization functionality in the Data Serialization and Deserialization Components as a temporary workaround until a patch is available. Restrict access to the Inter-Process Communication Mechanisms and Network Communication Interfaces to minimize the risk of exploitation. Avoid using crafted input to these components until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.