CVE-2024-30961

Name of the Vulnerable Software and Affected Versions Open Robotics Robotic Operating System 2 (ROS2) navigation2 versions ROS2-humble

Description The issue allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2 bt navigator. This is due to an Insecure Permissions vulnerability in the navigation2 component of ROS2.

Recommendations For Open Robotics Robotic Operating System 2 (ROS2) navigation2 version ROS2-humble, consider disabling the nav2 bt navigator function until a patch is available to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.