Lucene search
+L
OpenroboticsRobot Operating Systemindigo igloo

6 matches found

CVE
CVE
added 2025/04/02 7:31 a.m.66 views

CVE-2024-39780

Summary (CVE-2024-39780) : A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...

9.8CVSS8AI score0.00373EPSS
CVE
CVE
added 2025/07/17 7:12 p.m.36 views

CVE-2024-41148

CVE-2024-41148 describes a code-injection flaw in the ROS rostopic hz command. The --filter option accepts a user-supplied Python expression which is passed directly to eval() without sanitization, enabling a local user to craft and execute arbitrary code. Affected releases include ROS Noetic Nin...

7.8CVSS7.3AI score0.0019EPSS
CVE
CVE
added 2025/07/17 7:12 p.m.34 views

CVE-2024-39835

CVE-2024-39835 affects the Robot Operating System (ROS) roslaunch tool in Noetic Ninjemys and earlier. The root cause is the use of eval() to process user-supplied, unsanitized parameter values in the substitution args mechanism, which roslaunch evaluates before launching a node. This leads to a ...

7.8CVSS7.3AI score0.00175EPSS
CVE
CVE
added 2025/07/17 7:14 p.m.34 views

CVE-2025-3753

The CVE-2025-3753 issue affects the ROS rosbag tool, specifically ROS Noetic Ninjemys and earlier. The root cause is the use of Python’s eval() to process unsanitized, user-supplied input within the rosbag filter command, enabling potential arbitrary Python code execution. Documents consistently ...

7.8CVSS7.4AI score0.00195EPSS
CVE
CVE
added 2025/07/17 7:11 p.m.32 views

CVE-2024-39289

The CVE-2024-39289 entry concerns the ROS rosparam tool. Affected software: Robot Operating System (ROS) distributions Noetic Ninjemys and earlier, where rosparam processes unsanitized parameter values using special converters for angle representations in radians. Root cause: use of Python’s eval...

7.8CVSS7.5AI score0.00177EPSS
CVE
CVE
added 2025/07/17 7:13 p.m.30 views

CVE-2024-41921

The CVE describes a code-injection vulnerability in the ROS rostopic echo command. Affected product: Robot Operating System (ROS) rostopic tool, affecting Noetic Ninjemys and earlier. Root cause: the echo verb accepts a user-supplied Python expression through --filter, and passes it directly to e...

7.8CVSS7.3AI score0.0019EPSS