PT-2024-27792 · Open Robotics · Ros2+1

Published: 2024-12-05 · Updated: 2024-12-06 · CVE-2024-37861

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions

Description

The issue is a buffer overflow that occurs via the nav2 amcl process. This is triggered by sending a crafted .yaml file.

Recommendations

For Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions, consider disabling the nav2 amcl process as a temporary workaround until a patch is available. Restrict access to the nav2 amcl process to minimize the risk of exploitation. Avoid using crafted .yaml files in the affected process until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-37861

Affected Products

Nav2
Ros2