Buffer Overflow Vulnerability in Open Robotic Operating System 2 (ROS2) Navigation Product
CVE-2024-37862

Currently unrated

Key Information:

CVE Published: 5 December 2024

What is CVE-2024-37862?

A buffer overflow vulnerability exists in the Open Robotic Operating System 2 (ROS2), specifically within the navigation2-humble component. The flaw allows a local attacker to execute arbitrary code by sending a specially crafted .yaml file to the nav2_planner process, which may lead to unauthorized actions within the system. Users of the affected version should prioritize updates to mitigate the risk associated with this vulnerability.
