Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` .
The vulnerability is triggered by remotely sending a request to change the dynamic parameter value `/amcl odom_frame_id` in the nav2_amcl process. This operation leads to access of a memory area that has already been freed (use-after-free), which is a memory management error classified as CWE-416. The exploit requires no authentication or user interaction, and the attack vector is network-based, making it particularly dangerous in environments exposed to the network.
An attacker can achieve arbitrary code execution (RCE), take control of the nav2_amcl process, or destabilize the robotic system, which could consequently threaten the physical safety of the operated robot. It is also possible to compromise the confidentiality, integrity, and availability of the system.
Patches available from the manufacturer should be applied according to the references. The fix was processed as part of pull request #4397 in the ros-navigation/navigation2 repository. It is recommended to monitor the official project repository and implement available updates as soon as possible. Until patching, consider isolating ROS2 interfaces from public networks and restricting access to dynamic parameters of nav2_amcl.
Open Robotics Robot Operating System 2 (ROS2) and Nav2 in humble version
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpenrobotics Robot Operating System
APPOpenrobotics2
Related vulnerabilities
Use-after-free w ROS2 Nav2 — zdalny atak przez zmianę parametru AMCL
Heap overflow w procesie nav2_amcl systemu ROS2 Nav2
Use-after-free w ROS2 Nav2 — zdalny atak przez parametr /amcl z_rand
Use-after-free w ROS2 Nav2 humble — zdalny exploit przez nav2_amcl
Use-after-free w ROS2 Nav2 humble via proces nav2_amcl