Published: 30/12/2019 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) up to and including 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ros ros-comm

Debian Bug report logs - #947946 ros-ros-comm: CVE-2019-13465 Package: src:ros-ros-comm; Maintainer for src:ros-ros-comm is Debian Science Maintainers <debian-science-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Jan 2020 15:42:02 UTC Severity: important Tag ...

Debian Bug report logs - #947947 ros-ros-comm: CVE-2019-13445 Package: src:ros-ros-comm; Maintainer for src:ros-ros-comm is Debian Science Maintainers <debian-science-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Jan 2020 15:42:04 UTC Severity: important Tag ...

NVD-CWE-noinfo https://github.com/ros/ros_comm/issues/1748 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947946

CVE-2019-13465

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect