Lucene search
K
OpenroboticsRobot Operating System

32 matches found

CVE
CVE
added 2024/02/20 12:0 a.m.6051 views

CVE-2024-25197

CVE-2024-25197 affects Open Robotics ROS2 and Nav2 Humble; it is a NULL pointer dereference in isCurrent() within /src/layered_costmap.cpp. Affected components and exact root cause are described across multiple sources (ROS2/Nav2 humble). The CVSS metric indicates a network-exposed, low-privilege...

6.5CVSS7.2AI score0.00682EPSS
CVE
CVE
added 2024/02/20 12:0 a.m.4609 views

CVE-2024-25199

CVE-2024-25199 affects Open Robotics ROS 2 (2) and Nav2 humble, caused by an inappropriate pointer order between map_sub_ and map_free in amcl_node.cpp, leading to a use-after-free. The entry is supported by multiple sources (NVD, Red Hat, OSV, CVE lists) and notes a high-severity impact (I/H; A/...

8.1CVSS6.7AI score0.00576EPSS
CVE
CVE
added 2024/02/20 12:0 a.m.4271 views

CVE-2024-25196

Open Robotics ROS 2 and Nav2 humble contain a buffer overflow in the nav2_controller process, triggerable by a crafted YAML file. Affected components: ROS 2, Nav2 (humble); root cause: uncontrolled memory handling in nav2_controller. Impact per sources: potential crash/denial by exploitation of Y...

3.3CVSS7.6AI score0.00285EPSS
CVE
CVE
added 2024/02/20 12:0 a.m.3919 views

CVE-2024-25198

CVE-2024-25198 affects Open Robotics ROS 2 and Nav2 humble. The issue is an incorrect pointer order in amcl_node.cpp: laser_scan_filter_.reset() is called before tf_listener_.reset(), causing a use-after-free. Connected documents point to the Nav2/amcl changes and related GitHub PRs (e.g., naviga...

9.1CVSS6.7AI score0.0071EPSS
CVE
CVE
added 2024/12/05 12:0 a.m.77 views

CVE-2024-30962

The vulnerability CVE-2024-30962 affects Open Robotics ROS 2 navigation2 (navigation2-humble) with a buffer overflow in the nav2_amcl process. A local attacker can exploit this to execute arbitrary code. The issue is documented across multiple sources (e.g., NVD, Red Hat, CNNVD, CIRCL) with a CVS...

7.8CVSS7.7AI score0.00291EPSS
CVE
CVE
added 2024/12/05 12:0 a.m.68 views

CVE-2024-30961

CVE-2024-30961 affects Open Robotics ROS2 Navigation2 (navigation2-humble and related nav2_bt_navigator). The vulnerability is described as an insecure permissions issue that enables a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. CVSS data indicate...

7.8CVSS7.6AI score0.00297EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.68 views

CVE-2024-38927

ROS2 (Humble) and Nav2 humble include a use-after-free in the nav2_amcl process, exploitable by remotely changing the dynamic parameter /amcl do_beamskip. This vulnerability affects the nav2_amcl path and is rated critical. PT-/security advisories suggest interim mitigations: disable the nav2_amc...

9.8CVSS7.5AI score0.00571EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.68 views

CVE-2024-44853

CVE-2024-44853 — Summary: Open Robotics ROS 2 Navigation2 (version humble) contains a NULL pointer dereference in the computeControl() component. This affects the navigation2 package, with a potential impact to availability (as per CVSS: HIGH). The issue is exploitable over the network with no pr...

7.5CVSS7.4AI score0.00566EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.67 views

CVE-2024-44852

CVE-2024-44852 affects Open Robotics ROS2 navigation2 ( Humble ). The vulnerability is a segmentation violation in theta_star::ThetaStar::isUnsafeToPlan(), as described in multiple sources (NVD/Red Hat/CNNVD/CVELIST). CVSS vectors indicate network attack, low complexity with no privileges or user...

9.8CVSS7.4AI score0.00587EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.64 views

CVE-2024-41650

CVE-2024-41650 concerns an Insecure Permissions vulnerability in Open Robotics’ ROS 2 navigation2 (v.humble) affecting the nav2_costmap_2d component. The issue enables an attacker to execute arbitrary code via a crafted script, with impact stated as high for confidentiality and integrity and high...

9.8CVSS7.4AI score0.00473EPSS
CVE
CVE
added 2025/04/02 7:31 a.m.63 views

CVE-2024-39780

Summary (CVE-2024-39780) : A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...

9.8CVSS8AI score0.00373EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.61 views

CVE-2024-38921

CVE-2024-38921 affects ROS 2 / Nav2 Humble, with a use-after-free in the nav2_amcl process triggered by a remote request to change the value of the dynamic parameter /amcl z_rand. Affected components: Open Robotics ROS 2 and Nav2 humble versions; root cause described as use-after-free in nav2_amc...

9.8CVSS7.7AI score0.00584EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.60 views

CVE-2024-44855

Open Robotics ROS2 Navigation2 (nav2_navfn_planner) in the humble release is affected by a NULL pointer dereference. The CVE description and connected Red Hat, NVD, and other sources confirm the issue and its impact rating (HIGH, availability impact) with a network attack surface and no required ...

7.5CVSS7.4AI score0.00566EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.59 views

CVE-2024-38925

CVE-2024-38925 affects ROS2 (Open Robotics) and Nav2 humble; a use-after-free flaw in the nav2_amcl process is triggered remotely by a request to change the dynamic parameter /amcl z_max. The vulnerability is documented with high/critical impact across confidentiality, integrity, and availability...

9.8CVSS7.5AI score0.00571EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.59 views

CVE-2024-44854

CVE-2024-44854 affects Open Robotics ROS2 Navigation2, specifically the smoothPlan() component where a NULL pointer dereference is reported. The vulnerability is described across multiple sources (NVD, Red Hat, CVE lists) with an attack vector of NETWORK and no user interaction required, and with...

7.5CVSS7.4AI score0.00566EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.58 views

CVE-2024-41649

CVE-2024-41649 affects the ROS 2 navigation2 component (v.humble) of Open Robotics ROS 2. The issue is an Insecure Permissions vulnerability that allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. Root cause stated as insecure permissions. Impact is indicat...

9.8CVSS7.4AI score0.00677EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.57 views

CVE-2024-41646

The CVE-2024-41646 entry concerns the Open Robotics ROS2 Navigation2 (v.humble) insecure permissions issue in the nav2_dwb_controller. The root cause is insecure permissions that may allow an attacker to execute arbitrary code, with a network attack vector and no user interaction required. Impact...

9.8CVSS7.7AI score0.00677EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.56 views

CVE-2024-38924

Open Robotics ROS 2 (ROS2) and Nav2 Humble contain a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely changing the dynamic parameter /amcl_laser_model_type, enabling memory corruption through a crafted request. Affected components include the nav2_amcl workflow ...

9.8CVSS7.6AI score0.00545EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.55 views

CVE-2024-41648

CVE-2024-41648 concerns Open Robotics’ ROS 2 Navigation2 on the Humble release. The vulnerability arises from insecure permissions in the nav2_regulated_pure_pursuit_controller, enabling an attacker to execute arbitrary code by supplying a crafted script. Affected software: ROS 2 Navigation2 (nav...

9.8CVSS7.7AI score0.00473EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.54 views

CVE-2024-38923

Open Robotics ROS2 Humble and Nav2 Humble contain a use-after-free in the nav2_amcl process. The issue is triggered by a remote request to modify the dynamic parameter /amcl_odom_frame_id, enabling an attacker over the network to potentially compromise the affected system. CVSS indicates CRITICAL...

9.8CVSS7.6AI score0.00545EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.53 views

CVE-2024-38922

CVE-2024-38922 affects ROS2/Nav2 humble: a heap overflow in the nav2_amcl process triggered by a crafted message to /initialpose. Documented impacts include memory corruption/crashes; exploit status is not detailed in the sources. Remediation guidance within the provided materials is limited; one...

9.8CVSS7.8AI score0.00571EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.53 views

CVE-2024-38926

CVE-2024-38926 affects the ROS 2 ecosystem (ROS 2 Humble and Nav2 Humble) and is due to a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely sending a request to change the dynamic-parameter /amcl z_short, indicating a remote-access impact vector. The CVSS v3.1 me...

9.8CVSS7.5AI score0.00571EPSS
CVE
CVE
added 2020/08/20 8:5 a.m.52 views

CVE-2020-10289

CVE-2020-10289 affects the ROS core package’s actionlib, where an unsafe YAML parsing path in actionlib/tools/library.py:132 allows instantiation of arbitrary Python objects and can enable arbitrary code execution if an action message is processed. The vulnerability arises from using unsafe yaml....

8.8CVSS8.5AI score0.0195EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.52 views

CVE-2024-41644

CVE-2024-41644 affects Open Robotics ROS 2 navigation2 (Humble) via the dyn_param_handler_ component. The documented vulnerability is an insecure permissions flaw that allows an attacker to execute arbitrary code. Across sources (NVD, Red Hat, CNNVD, CVE listings), the CVSS‑3.1 base score is 9.8 ...

9.8CVSS7.8AI score0.00677EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.51 views

CVE-2024-41645

CVE-2024-41645 affects Open Robotics ROS 2 navigation2 (v.humble) — insecure permissions in the nav2__amcl component permit executing arbitrary code via a crafted script. The issue is described across multiple sources (including Red Hat and NVD listings) as a high-severity, network-based vulnerab...

9.8CVSS7.4AI score0.00677EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.51 views

CVE-2024-44856

CVE-2024-44856 affects Open Robotics ROS 2 Navigation2 (ROS2 Humble). The vulnerability is a NULL pointer dereference in the nav2_smac_planner() component, impacting the navigation stack and potentially causing denial of service (availability impact). The CVSS data indicates network access, low a...

7.5CVSS7.4AI score0.00566EPSS
CVE
CVE
added 2024/12/06 12:0 a.m.49 views

CVE-2024-41647

CVE-2024-41647 affects Open Robotics ROS2 navigation2 (v.humble) with an insecure permissions issue in the navigation2 package, specifically the nav2_mppi_controller. The root cause is improper permission controls that could allow an attacker to execute arbitrary code via a crafted script sent to...

9.8CVSS7.7AI score0.00677EPSS
CVE
CVE
added 2025/07/17 7:12 p.m.35 views

CVE-2024-41148

CVE-2024-41148 describes a code-injection flaw in the ROS rostopic hz command. The --filter option accepts a user-supplied Python expression which is passed directly to eval() without sanitization, enabling a local user to craft and execute arbitrary code. Affected releases include ROS Noetic Nin...

7.8CVSS7.3AI score0.0019EPSS
CVE
CVE
added 2025/07/17 7:12 p.m.34 views

CVE-2024-39835

CVE-2024-39835 affects the Robot Operating System (ROS) roslaunch tool in Noetic Ninjemys and earlier. The root cause is the use of eval() to process user-supplied, unsanitized parameter values in the substitution args mechanism, which roslaunch evaluates before launching a node. This leads to a ...

7.8CVSS7.3AI score0.00175EPSS
CVE
CVE
added 2025/07/17 7:11 p.m.32 views

CVE-2024-39289

The CVE-2024-39289 entry concerns the ROS rosparam tool. Affected software: Robot Operating System (ROS) distributions Noetic Ninjemys and earlier, where rosparam processes unsanitized parameter values using special converters for angle representations in radians. Root cause: use of Python’s eval...

7.8CVSS7.5AI score0.00177EPSS
CVE
CVE
added 2025/07/17 7:14 p.m.32 views

CVE-2025-3753

The CVE-2025-3753 issue affects the ROS rosbag tool, specifically ROS Noetic Ninjemys and earlier. The root cause is the use of Python’s eval() to process unsanitized, user-supplied input within the rosbag filter command, enabling potential arbitrary Python code execution. Documents consistently ...

7.8CVSS7.4AI score0.00195EPSS
CVE
CVE
added 2025/07/17 7:13 p.m.30 views

CVE-2024-41921

The CVE describes a code-injection vulnerability in the ROS rostopic echo command. Affected product: Robot Operating System (ROS) rostopic tool, affecting Noetic Ninjemys and earlier. Root cause: the echo verb accepts a user-supplied Python expression through --filter, and passes it directly to e...

7.8CVSS7.3AI score0.0019EPSS