Buffer Overflow Vulnerability in Open Robotic Operating System 2 Navigation2 by Open Robotics
CVE-2024-37860

Currently unrated

What is CVE-2024-37860?

A buffer overflow vulnerability in the Open Robotic Operating System 2 (ROS2) Navigation2 component allows local attackers to execute arbitrary code. The overflow is triggered when the nav2_amcl process handles a specially crafted .yaml file, potentially compromising the integrity of the system. The flaw underscores the need to validate input files properly in order to prevent unauthorized code execution and protect critical robotic performance.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
