Shodan
Vulnerabilities
Vulnerable Software
Openrobotics:  >> Robot Operating System  Security Vulnerabilities
CVE-2024-30962
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process
CVSS Score
7.8
EPSS Score
0.002
Published
2024-12-05
CVE-2024-25196
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-02-20
CVE-2024-25197
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-02-20
CVE-2024-25198
Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-02-20
CVE-2024-25199
Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-02-20
CVE-2022-48198
The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-01
CVE-2020-10289
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.
CVSS Score
8.0
EPSS Score
0.008
Published
2020-08-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved