CVE-2024-38921

Name of the Vulnerable Software and Affected Versions Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions

Description A use-after-free vulnerability was discovered in the nav2 amcl process of Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions. This issue is triggered by remotely sending a request to change the value of dynamic-parameter /amcl z rand.

Recommendations For Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions, consider disabling the nav2 amcl process as a temporary workaround until a patch is available. Restrict access to the dynamic-parameter /amcl z rand to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.