PT-2024-27794 · Open Robotics · Ros2+1
Published: 2024-12-05 · Updated: 2024-12-06 · CVE-2024-37863
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions
Description
The issue is a buffer overflow vulnerability triggered by sending a crafted .yaml file via the nav2 amcl process.
Recommendations
For Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions, consider restricting the use of the nav2 amcl process until a patch is available.
As a temporary workaround, avoid using crafted .yaml files with the nav2 amcl process to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Nav2
Ros2