CVE-2024-38920

Name of the Vulnerable Software and Affected Versions Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions

Description A use-after-free vulnerability was discovered in the nav2 amcl process of Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble. This issue is triggered via remotely sending a request to change the value of the dynamic-parameter /amcl max beams.

Recommendations For Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions, as a temporary workaround, consider restricting access to the nav2 amcl process until a patch is available. Avoid using the dynamic-parameter /amcl max beams in the affected process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.