ROS2 navigation2
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37863 | Cri | 0.64 | 9.8 | 0.00 | Dec 5, 2024 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | ||
| CVE-2024-30963 | Hig | 0.51 | 7.8 | 0.00 | Dec 5, 2024 | Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script. | ||
| CVE-2024-37862 | Hig | 0.47 | 7.3 | 0.00 | Dec 5, 2024 | Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. | ||
| CVE-2024-44852 | 0.00 | — | 0.00 | Dec 6, 2024 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | |||
| CVE-2024-44854 | 0.00 | — | 0.00 | Dec 6, 2024 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | |||
| CVE-2024-41645 | 0.00 | — | 0.00 | Dec 6, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | |||
| CVE-2024-41649 | 0.00 | — | 0.00 | Dec 6, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | |||
| CVE-2024-44853 | 0.00 | — | 0.00 | Dec 6, 2024 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | |||
| CVE-2024-41650 | 0.00 | — | 0.00 | Dec 6, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | |||
| CVE-2024-41647 | 0.00 | — | 0.00 | Dec 6, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | |||
| CVE-2024-44856 | 0.00 | — | 0.00 | Dec 6, 2024 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | |||
| CVE-2024-41646 | 0.00 | — | 0.00 | Dec 6, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | |||
| CVE-2024-44855 | 0.00 | — | 0.00 | Dec 6, 2024 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | |||
| CVE-2024-41644 | 0.00 | — | 0.00 | Dec 6, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | |||
| CVE-2024-30961 | 0.00 | — | 0.00 | Dec 5, 2024 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. |
- risk 0.64cvss 9.8epss 0.00
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.
- risk 0.51cvss 7.8epss 0.00
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script.
- risk 0.47cvss 7.3epss 0.00
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process.
- CVE-2024-44852Dec 6, 2024risk 0.00cvss —epss 0.00
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().
- CVE-2024-44854Dec 6, 2024risk 0.00cvss —epss 0.00
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan().
- CVE-2024-41645Dec 6, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.
- CVE-2024-41649Dec 6, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.
- CVE-2024-44853Dec 6, 2024risk 0.00cvss —epss 0.00
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl().
- CVE-2024-41650Dec 6, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d.
- CVE-2024-41647Dec 6, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
- CVE-2024-44856Dec 6, 2024risk 0.00cvss —epss 0.00
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().
- CVE-2024-41646Dec 6, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.
- CVE-2024-44855Dec 6, 2024risk 0.00cvss —epss 0.00
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().
- CVE-2024-41644Dec 6, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.
- CVE-2024-30961Dec 5, 2024risk 0.00cvss —epss 0.00
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator.