Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` .
The vulnerability consists of improper memory management in the nav2_amcl process — after freeing a memory area, it is possible to continue referencing it (use-after-free, CWE-416). An attacker can remotely trigger the error by sending a request to change the value of the dynamic parameter /amcl z_max to the navigation process. The attack vector is network-based, requires no authentication or user interaction, making this vulnerability particularly dangerous in network-exposed environments.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the nav2_amcl process, and consequently take control of the robotic system, violate its confidentiality and integrity, or cause denial of service (DoS).
Apply patches available from the vendor according to the references — the fix is tracked in the navigation2 repository (pull request #4397). It is recommended to update Nav2 to a version containing this fix and restrict network access to ROS2 interfaces only to trusted hosts.
Open Robotics Robot Operating System 2 (ROS2) and Nav2 version humble
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpenrobotics Robot Operating System
APPOpenrobotics2
Related vulnerabilities
Use-after-free w ROS2 Nav2 humble — zdalny exploit przez nav2_amcl
Heap overflow w procesie nav2_amcl systemu ROS2 Nav2
Use-after-free w ROS2 Nav2 — zdalny atak przez parametr /amcl z_rand
Use-after-free w ROS2 Nav2 humble poprzez proces nav2_amcl
Use-after-free w ROS2 Nav2 humble via proces nav2_amcl