PT-2024-28274 · Open Robotics · Ros2, Nav2

Published: 2024-12-05 · Updated: 2024-12-06 · CVE-2024-38910

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version

Description: A use-after-free issue was discovered in the nav2 amcl process of the affected software. This issue is triggered by sending a request to change dynamic parameters.

Recommendations: For Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version, consider disabling the nav2 amcl process as a temporary workaround until a patch is available. Restrict access to dynamic parameter changes to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2024-38910

Affected Products

Nav2
Ros2