Buffer Overflow in Open Robotics Robotic Operating System 2 Nav2 Product
CVE-2024-37861

Currently unrated

Key Information:

Vendor
CVE Published: 5 December 2024

What is CVE-2024-37861?

A buffer overflow vulnerability exists in Open Robotics' Robotic Operating System 2 (ROS2) and Nav2, reachable through the nav2_amcl process. It can be triggered by a specially crafted .yaml file sent to that process, potentially allowing unauthorized code execution or system disruption. Users and developers in the robotics community should review their systems and apply the necessary security measures to mitigate the risks associated with this vulnerability.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
