Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.
Thank you for your detailed overview regarding the CVEs attributed to our
research on ROS/ROS 2. We appreciate the scrutiny and understand the
concerns raised by you and other parties.
I want to clarify that our findings are based on extensive tests conducted
in real-world scenarios within controlled laboratory settings, where actual
robots were s ...
Thank you for the guidance. I will review the disclosure policy outlined in
REP-2006 and prepare a detailed report with proof of concepts. I also plan
to reach out to the upstream team for further advice and will share the
manuscript with them as suggested.
*Yash Patel*
PhD Research Scholar
National Forensic Sciences University
Ministry of Home ...
Many thanks to Florencia Cabral Berenfus for her analysis of these claims!
Mark Esler
[0] dl.acm.org/doi/abs/10.1145/3573910.3573912
[1] github.com/yashpatelphd/CVE-2024-30737/issues/1
[3] github.com/yashpatelphd/CVE-2023-33565
[5] github.com/yashpatelphd/CVE-2024-30737 ...
Information Leakage in ROS Kinetic Kame via Plaintext Message Transmission
CVE ID
CVE-2024-30727
Title
Information Leakage in ROS Kinetic Kame via Plaintext Message Transmission
Vulnerability Type
Information Leakage and Unauthorized Access to Sensitive Data
Severity
TBD
Vendor
The Open Source Robotics Foundation (OSRF)
Products Affected
ROS Kinetic Kame (ROS_VERSION=1 and ROS_PYTHON_VERSION=3)
Description
A critical vulnerability has been discovered