NULL Pointer Dereference Vulnerability Discovered in ROS2 navigation2
CVE-2024-44854

7.5HIGH

Key Information:

Vendor: Open Robotics
Status: Robot Operating System
Vendor: CVE Published:; 6 December 2024

🔔 Create Open Robotics Vulnerability Alert

What is CVE-2024-44854?

Open Robotics' Robotic Operating System 2 (ROS2) Navigation2 version humble contains a vulnerability that leads to a NULL pointer dereference within its smoothPlan() component. This flaw can potentially disrupt normal operational functionality and impact the navigation capabilities of robotic systems utilizing this version. Proper handling of such code execution paths is crucial for ensuring the stability and reliability of robotic applications.

References

https://github.com/GoesM/ROS-CVE-CNVDs

https://github.com/ros-navigation/navigation2/issues/4538

https://github.com/ros-navigation/navigation2/pull/4544

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024