VYPR

ROS2

by Open Robotics

CVEs (8)

  • CVE-2024-37863CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

  • CVE-2024-37861CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

  • CVE-2024-38910HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

  • CVE-2024-30964HigDec 5, 2024
    risk 0.44cvss 7.8epss 0.00

    Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator

  • CVE-2024-38926CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.

  • CVE-2024-38924CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` .

  • CVE-2024-38923CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` .

  • CVE-2024-38922CriDec 6, 2024
    risk 0.00cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.