CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39835

A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.7%

CVSS Severity

CVSS v3 Score 7.8

References

https://www.ros.org/blog/noetic-eol/

Products affected by CVE-2024-39835

Openrobotics » Robot Operating System » Version: indigo_igloo

cpe:2.3:o:openrobotics:robot_operating_system:indigo_igloo
Openrobotics » Robot Operating System » Version: kinetic_kame

cpe:2.3:o:openrobotics:robot_operating_system:kinetic_kame
Openrobotics » Robot Operating System » Version: melodic_morenia

cpe:2.3:o:openrobotics:robot_operating_system:melodic_morenia
Openrobotics » Robot Operating System » Version: noetic_ninjemys

cpe:2.3:o:openrobotics:robot_operating_system:noetic_ninjemys

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39835

Products

Pricing

Contact Us