32 matches found
CVE-2024-25197
CVE-2024-25197 affects Open Robotics ROS2 and Nav2 Humble; it is a NULL pointer dereference in isCurrent() within /src/layered_costmap.cpp. Affected components and exact root cause are described across multiple sources (ROS2/Nav2 humble). The CVSS metric indicates a network-exposed, low-privilege...
CVE-2024-25199
CVE-2024-25199 affects Open Robotics ROS 2 (2) and Nav2 humble, caused by an inappropriate pointer order between map_sub_ and map_free in amcl_node.cpp, leading to a use-after-free. The entry is supported by multiple sources (NVD, Red Hat, OSV, CVE lists) and notes a high-severity impact (I/H; A/...
CVE-2024-25196
Open Robotics ROS 2 and Nav2 humble contain a buffer overflow in the nav2_controller process, triggerable by a crafted YAML file. Affected components: ROS 2, Nav2 (humble); root cause: uncontrolled memory handling in nav2_controller. Impact per sources: potential crash/denial by exploitation of Y...
CVE-2024-25198
CVE-2024-25198 affects Open Robotics ROS 2 and Nav2 humble. The issue is an incorrect pointer order in amcl_node.cpp: laser_scan_filter_.reset() is called before tf_listener_.reset(), causing a use-after-free. Connected documents point to the Nav2/amcl changes and related GitHub PRs (e.g., naviga...
CVE-2024-30962
The vulnerability CVE-2024-30962 affects Open Robotics ROS 2 navigation2 (navigation2-humble) with a buffer overflow in the nav2_amcl process. A local attacker can exploit this to execute arbitrary code. The issue is documented across multiple sources (e.g., NVD, Red Hat, CNNVD, CIRCL) with a CVS...
CVE-2024-30961
CVE-2024-30961 affects Open Robotics ROS2 Navigation2 (navigation2-humble and related nav2_bt_navigator). The vulnerability is described as an insecure permissions issue that enables a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. CVSS data indicate...
CVE-2024-38927
ROS2 (Humble) and Nav2 humble include a use-after-free in the nav2_amcl process, exploitable by remotely changing the dynamic parameter /amcl do_beamskip. This vulnerability affects the nav2_amcl path and is rated critical. PT-/security advisories suggest interim mitigations: disable the nav2_amc...
CVE-2024-44853
CVE-2024-44853 — Summary: Open Robotics ROS 2 Navigation2 (version humble) contains a NULL pointer dereference in the computeControl() component. This affects the navigation2 package, with a potential impact to availability (as per CVSS: HIGH). The issue is exploitable over the network with no pr...
CVE-2024-44852
CVE-2024-44852 affects Open Robotics ROS2 navigation2 ( Humble ). The vulnerability is a segmentation violation in theta_star::ThetaStar::isUnsafeToPlan(), as described in multiple sources (NVD/Red Hat/CNNVD/CVELIST). CVSS vectors indicate network attack, low complexity with no privileges or user...
CVE-2024-41650
CVE-2024-41650 concerns an Insecure Permissions vulnerability in Open Robotics’ ROS 2 navigation2 (v.humble) affecting the nav2_costmap_2d component. The issue enables an attacker to execute arbitrary code via a crafted script, with impact stated as high for confidentiality and integrity and high...
CVE-2024-39780
Summary (CVE-2024-39780) : A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...
CVE-2024-38921
CVE-2024-38921 affects ROS 2 / Nav2 Humble, with a use-after-free in the nav2_amcl process triggered by a remote request to change the value of the dynamic parameter /amcl z_rand. Affected components: Open Robotics ROS 2 and Nav2 humble versions; root cause described as use-after-free in nav2_amc...
CVE-2024-44855
Open Robotics ROS2 Navigation2 (nav2_navfn_planner) in the humble release is affected by a NULL pointer dereference. The CVE description and connected Red Hat, NVD, and other sources confirm the issue and its impact rating (HIGH, availability impact) with a network attack surface and no required ...
CVE-2024-38925
CVE-2024-38925 affects ROS2 (Open Robotics) and Nav2 humble; a use-after-free flaw in the nav2_amcl process is triggered remotely by a request to change the dynamic parameter /amcl z_max. The vulnerability is documented with high/critical impact across confidentiality, integrity, and availability...
CVE-2024-44854
CVE-2024-44854 affects Open Robotics ROS2 Navigation2, specifically the smoothPlan() component where a NULL pointer dereference is reported. The vulnerability is described across multiple sources (NVD, Red Hat, CVE lists) with an attack vector of NETWORK and no user interaction required, and with...
CVE-2024-41649
CVE-2024-41649 affects the ROS 2 navigation2 component (v.humble) of Open Robotics ROS 2. The issue is an Insecure Permissions vulnerability that allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. Root cause stated as insecure permissions. Impact is indicat...
CVE-2024-41646
The CVE-2024-41646 entry concerns the Open Robotics ROS2 Navigation2 (v.humble) insecure permissions issue in the nav2_dwb_controller. The root cause is insecure permissions that may allow an attacker to execute arbitrary code, with a network attack vector and no user interaction required. Impact...
CVE-2024-38924
Open Robotics ROS 2 (ROS2) and Nav2 Humble contain a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely changing the dynamic parameter /amcl_laser_model_type, enabling memory corruption through a crafted request. Affected components include the nav2_amcl workflow ...
CVE-2024-41648
CVE-2024-41648 concerns Open Robotics’ ROS 2 Navigation2 on the Humble release. The vulnerability arises from insecure permissions in the nav2_regulated_pure_pursuit_controller, enabling an attacker to execute arbitrary code by supplying a crafted script. Affected software: ROS 2 Navigation2 (nav...
CVE-2024-38923
Open Robotics ROS2 Humble and Nav2 Humble contain a use-after-free in the nav2_amcl process. The issue is triggered by a remote request to modify the dynamic parameter /amcl_odom_frame_id, enabling an attacker over the network to potentially compromise the affected system. CVSS indicates CRITICAL...
CVE-2024-38922
CVE-2024-38922 affects ROS2/Nav2 humble: a heap overflow in the nav2_amcl process triggered by a crafted message to /initialpose. Documented impacts include memory corruption/crashes; exploit status is not detailed in the sources. Remediation guidance within the provided materials is limited; one...
CVE-2024-38926
CVE-2024-38926 affects the ROS 2 ecosystem (ROS 2 Humble and Nav2 Humble) and is due to a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely sending a request to change the dynamic-parameter /amcl z_short, indicating a remote-access impact vector. The CVSS v3.1 me...
CVE-2020-10289
CVE-2020-10289 affects the ROS core package’s actionlib, where an unsafe YAML parsing path in actionlib/tools/library.py:132 allows instantiation of arbitrary Python objects and can enable arbitrary code execution if an action message is processed. The vulnerability arises from using unsafe yaml....
CVE-2024-41644
CVE-2024-41644 affects Open Robotics ROS 2 navigation2 (Humble) via the dyn_param_handler_ component. The documented vulnerability is an insecure permissions flaw that allows an attacker to execute arbitrary code. Across sources (NVD, Red Hat, CNNVD, CVE listings), the CVSS‑3.1 base score is 9.8 ...
CVE-2024-41645
CVE-2024-41645 affects Open Robotics ROS 2 navigation2 (v.humble) — insecure permissions in the nav2__amcl component permit executing arbitrary code via a crafted script. The issue is described across multiple sources (including Red Hat and NVD listings) as a high-severity, network-based vulnerab...
CVE-2024-44856
CVE-2024-44856 affects Open Robotics ROS 2 Navigation2 (ROS2 Humble). The vulnerability is a NULL pointer dereference in the nav2_smac_planner() component, impacting the navigation stack and potentially causing denial of service (availability impact). The CVSS data indicates network access, low a...
CVE-2024-41647
CVE-2024-41647 affects Open Robotics ROS2 navigation2 (v.humble) with an insecure permissions issue in the navigation2 package, specifically the nav2_mppi_controller. The root cause is improper permission controls that could allow an attacker to execute arbitrary code via a crafted script sent to...
CVE-2024-41148
CVE-2024-41148 describes a code-injection flaw in the ROS rostopic hz command. The --filter option accepts a user-supplied Python expression which is passed directly to eval() without sanitization, enabling a local user to craft and execute arbitrary code. Affected releases include ROS Noetic Nin...
CVE-2024-39835
CVE-2024-39835 affects the Robot Operating System (ROS) roslaunch tool in Noetic Ninjemys and earlier. The root cause is the use of eval() to process user-supplied, unsanitized parameter values in the substitution args mechanism, which roslaunch evaluates before launching a node. This leads to a ...
CVE-2024-39289
The CVE-2024-39289 entry concerns the ROS rosparam tool. Affected software: Robot Operating System (ROS) distributions Noetic Ninjemys and earlier, where rosparam processes unsanitized parameter values using special converters for angle representations in radians. Root cause: use of Python’s eval...
CVE-2025-3753
The CVE-2025-3753 issue affects the ROS rosbag tool, specifically ROS Noetic Ninjemys and earlier. The root cause is the use of Python’s eval() to process unsanitized, user-supplied input within the rosbag filter command, enabling potential arbitrary Python code execution. Documents consistently ...
CVE-2024-41921
The CVE describes a code-injection vulnerability in the ROS rostopic echo command. Affected product: Robot Operating System (ROS) rostopic tool, affecting Noetic Ninjemys and earlier. Root cause: the echo verb accepts a user-supplied Python expression through --filter, and passes it directly to e...