CRITICAL🇵🇱 Wersja polska

CVE-2024-38922

CVSS 9.8v3.1pub. 2024-12-06upd. 2024-12-17

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.

🤖 AI Analysis
How it works

The vulnerability consists of a heap buffer overflow (heap overflow, CWE-787, CWE-120) in the nav2_amcl process, which is responsible for robot localization using the Monte Carlo method. An attacker sends a specially crafted network message to the ROS2 /initialpose topic, causing data to be written beyond the boundaries of the allocated heap buffer. Due to the lack of authentication requirements and low attack complexity, the exploit can be performed remotely without any privileges.

Impact

Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution (RCE), cause a crash of the robot's navigation process, or take control of the system — which in robotic environments may lead to physical consequences. The vulnerability provides complete impact on confidentiality, integrity, and availability of the system (CVSS C:H/I:H/A:H).

Mitigation & patch

Patches available from the vendor should be applied according to references — the fix pull request is available in the ros-navigation/navigation2 repository (PR #4301). It is also recommended to restrict network access to the /initialpose topic exclusively to trusted senders using access control mechanisms or network-level firewall rules.

Who is affected

Open Robotics Robot Operating System 2 (ROS2) and Nav2 in the humble version

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openrobotics Robot Operating System

    APP
    Openrobotics
    2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-38925CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 — zdalny atak przez zmianę parametru AMCL

CVE-2024-38923CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 humble poprzez proces nav2_amcl

CVE-2024-38921CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 — zdalny atak przez parametr /amcl z_rand

CVE-2024-38924CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 humble — zdalny exploit przez nav2_amcl

CVE-2024-38926CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 humble via proces nav2_amcl