📦 Robot Operating System

by Openrobotics

⚠️ Known Vulnerabilities

CVE-2024-41649

CRITICAL CVSS 9.8 Dec 6, 2024

This CVE describes an insecure permissions vulnerability in ROS2 navigation2 that allows attackers to execute arbitrary code via a crafted script targeting the executor_thread_. Systems running ROS2 n...

CVE-2024-44852

CRITICAL CVSS 9.8 Dec 6, 2024

CVE-2024-44852 is a critical memory corruption vulnerability in ROS2 navigation2's theta_star planner that allows attackers to cause segmentation faults and potentially execute arbitrary code. This af...

CVE-2024-38925

CRITICAL CVSS 9.8 Dec 6, 2024

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL (Adaptive Monte Carlo Localization) component. Attackers can remotely trigger memory corruption by sending a request to change the...

CVE-2024-38927

CRITICAL CVSS 9.8 Dec 6, 2024

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL process that can be triggered remotely by sending a request to change the dynamic parameter '/amcl do_beamskip'. This allows attac...

CVE-2024-41645

CRITICAL CVSS 9.8 Dec 6, 2024

This CVE describes an insecure permissions vulnerability in ROS2 navigation2's nav2_amcl component that allows attackers to execute arbitrary code via a crafted script. Systems running ROS2 navigation...

CVE-2024-41647

CRITICAL CVSS 9.8 Dec 6, 2024

CVE-2024-41647 is an insecure permissions vulnerability in ROS2 navigation2's nav2_mppi_controller component that allows attackers to execute arbitrary code via a crafted script. This affects ROS2 Hum...

CVE-2024-38921

CRITICAL CVSS 9.8 Dec 6, 2024

CVE-2024-38921 is a critical use-after-free vulnerability in ROS2 Nav2's AMCL component that allows remote attackers to potentially execute arbitrary code or crash the navigation system by sending spe...

CVE-2024-38923

CRITICAL CVSS 9.8 Dec 6, 2024

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL process that can be triggered remotely by sending a request to change the dynamic parameter '/amcl odom_frame_id'. Attackers can e...

CVE-2024-25198

CRITICAL CVSS 9.1 Feb 20, 2024

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL node due to incorrect pointer reset order. Attackers could exploit this to crash the navigation system or potentially execute arbi...

CVE-2025-3753

HIGH CVSS 7.8 Jul 17, 2025

A remote code execution vulnerability exists in ROS 'rosbag' tool due to unsafe eval() usage on user input in the 'rosbag filter' command. Attackers can execute arbitrary Python code by crafting malic...

CVE-2024-39289

HIGH CVSS 7.8 Jul 17, 2025

This CVE describes a remote code execution vulnerability in ROS's rosparam tool where attackers can execute arbitrary Python code by crafting malicious parameter values. It affects ROS Noetic Ninjemys...

CVE-2024-41148

HIGH CVSS 7.8 Jul 17, 2025

This CVE allows local users to execute arbitrary Python code through the ROS rostopic command's 'hz' verb filter option. The vulnerability affects ROS Noetic Ninjemys and earlier distributions where t...

CVE-2024-44854

HIGH CVSS 7.5 Dec 6, 2024

CVE-2024-44854 is a NULL pointer dereference vulnerability in ROS2 navigation2's smoothPlan() function that can cause denial of service or potentially arbitrary code execution. This affects robotic sy...

CVE-2024-44856

HIGH CVSS 7.5 Dec 6, 2024

CVE-2024-44856 is a NULL pointer dereference vulnerability in ROS2 navigation2's nav2_smac_planner component that can cause denial of service. This affects robotic systems using ROS2 navigation2 v.hum...

CVE-2024-30961

HIGH CVSS 7.8 Dec 5, 2024

This CVE describes an insecure permissions vulnerability in ROS2 navigation2 that allows local attackers to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. It affects ROS2 ...