Insecure Permissions in Open Robotics Navigation for ROS2 by Open Robotics
CVE-2024-30964

Currently unrated

Key Information:

Vendor: Open Robotics
Status: Robotic Operating System 2 (ROS2)
Vendor: CVE Published:; 5 December 2024

🔔 Create Open Robotics Vulnerability Alert

What is CVE-2024-30964?

A vulnerability has been identified in the Open Robotics Robotic Operating System 2 (ROS2) navigation2-ROS2-humble and navigation2-humble components. This flaw allows local attackers to exploit insecure permissions, enabling them to execute arbitrary code through the initial_pose_sub thread created by the nav2_bt_navigator. Proper safeguards should be implemented to mitigate the risk associated with this vulnerability.

References

https://github.com/ros-planning/navigation2/issues/4166

https://github.com/ros-planning/navigation2/pull/4176

https://github.com/GoesM/ROS-CVE-CNVDs

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Mar 27, 2024