VYPR

Nav2

by Open Robotics

CVEs (11)

  • CVE-2024-37861CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

  • CVE-2024-38910HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

  • CVE-2024-38927CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`.

  • CVE-2024-38926CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.

  • CVE-2024-38925CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` .

  • CVE-2024-38924CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` .

  • CVE-2024-38923CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` .

  • CVE-2024-38922CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.

  • CVE-2024-25199HigFeb 20, 2024
    risk 0.00cvss 8.1epss 0.01

    Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

  • CVE-2024-25198CriFeb 20, 2024
    risk 0.00cvss 9.1epss 0.01

    Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

  • CVE-2024-25196LowFeb 20, 2024
    risk 0.00cvss 3.3epss 0.00

    Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.