CVE-2024-38922

Exploit

EPSS 0.56%
Veröffentlicht 06.12.2024 22:15:19
Zuletzt bearbeitet 17.12.2024 20:29:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openrobotics ≫ Robot Operating System Version2 Updatehumble

Openrobotics ≫ Robot Operating System Version2 Updateiron

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.421

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/GoesM/ROS-CVE-CNVDs

Third Party Advisory

https://github.com/open-navigation/navigation2/issues/4307

Exploit

Issue Tracking

https://github.com/ros-navigation/navigation2/issues/4294

Exploit

Issue Tracking

https://github.com/ros-navigation/navigation2/pull/4301

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38922

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38922

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38922

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-38922