Login Sign Up

CVE-2021-42218

7.5 HIGH
Denial of Service

📋 TL;DR

CVE-2021-42218 is a memory leak vulnerability in OMPL (Open Motion Planning Library) version 1.5.2's VFRRT.cpp component. This vulnerability allows attackers to cause denial of service through resource exhaustion by repeatedly triggering the memory leak. Systems using OMPL for motion planning in robotics, autonomous vehicles, or simulation software are affected.

💻 Affected Systems

Products:
  • OMPL (Open Motion Planning Library)
Versions: 1.5.2 specifically
Operating Systems: All platforms running OMPL
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the VFRRT (Vector Field RRT) planner component of OMPL.

📦 What is this software?

Open Motion Planning Library by Rice

View all CVEs affecting Open Motion Planning Library →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or unavailability due to memory exhaustion, potentially disrupting critical operations in robotics or autonomous systems.

🟠

Likely Case

Degraded performance over time leading to application instability or crashes requiring manual intervention.

🟢

If Mitigated

Minimal impact with proper memory monitoring and restart policies in place.

🌐 Internet-Facing: LOW - OMPL is typically used in internal systems or embedded applications, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Could affect critical internal systems like robotics controllers or simulation environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to trigger VFRRT planner operations repeatedly. No authentication bypass needed if planner is accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.3 and later

Vendor Advisory: https://github.com/ompl/ompl/issues/839

Restart Required: Yes

Instructions:

1. Update OMPL to version 1.5.3 or later. 2. Recompile any applications using OMPL. 3. Restart affected services or applications.

🔧 Temporary Workarounds

Disable VFRRT planner

all

Avoid using the vulnerable VFRRT planner component by switching to alternative planners in OMPL.

Modify configuration to use planners other than VFRRT

Memory monitoring and restart

all

Implement memory monitoring with automatic restart when memory usage exceeds thresholds.

Implement system monitoring (e.g., using systemd, supervisor, or custom scripts)

🧯 If You Can't Patch

  • Implement strict memory usage limits and automatic restart policies
  • Isolate OMPL applications in containers with memory constraints

🔍 How to Verify

Check if Vulnerable:

Check OMPL version: if using 1.5.2 and VFRRT planner is enabled, system is vulnerable.

Check Version:

ompl_app --version or check OMPL header files/installation

Verify Fix Applied:

Verify OMPL version is 1.5.3 or later and test VFRRT planner operations for memory stability.

📡 Detection & Monitoring

Log Indicators:

  • Increasing memory usage over time without corresponding workload increase
  • Application crashes with out-of-memory errors

Network Indicators:

  • N/A - local vulnerability

SIEM Query:

Process memory usage anomalies for OMPL-related processes

📊 Metadata

CVE ID: CVE-2021-42218
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
Published: May 3, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-42218, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)