CRITICAL🇵🇱 Wersja polska

CVE-2024-44852

CVSS 9.8v3.1pub. 2024-12-06upd. 2024-12-17

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().

🤖 AI Analysis
How it works

The error classified as CWE-763 (use-after-free) involves improper memory access in the theta_star path planning component of the navigation2 module. Calling the isUnsafeToPlan() function can result in a segmentation violation, leading to process crash. Due to the network attack vector (AV:N) without requiring authentication (PR:N) or user interaction (UI:N), the vulnerability can be triggered remotely.

Impact

An attacker can cause a crash of the robot's navigation process (loss of availability), and potentially – due to the critical CVSS rating considering high confidentiality and integrity scores – further impact on system operation. In robotic environments, this may result in loss of control over robot behavior.

Mitigation & patch

Apply patches available from the vendor according to references. A fix submission is available in the project repository (pull request #4463 in the ros-navigation/navigation2 repository). It is recommended to monitor official navigation2 releases and update to a version containing the fix.

Who is affected

Open Robotics Robot Operating System 2 (ROS2) navigation2 in humble version

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openrobotics Robot Operating System

    APP
    Openrobotics
    2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-38924CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 humble — zdalny exploit przez nav2_amcl

CVE-2024-38922CRITICAL9.8PL ✓ten sam produkt

Heap overflow w procesie nav2_amcl systemu ROS2 Nav2

CVE-2024-38921CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 — zdalny atak przez parametr /amcl z_rand

CVE-2024-38923CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 humble poprzez proces nav2_amcl

CVE-2024-38925CRITICAL9.8PL ✓ten sam produkt

Use-after-free w ROS2 Nav2 — zdalny atak przez zmianę parametru AMCL