
CVE-2024-38925

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.0007 | KEV: Not Included
Published: 06/12/2024 Updated: 17/12/2024

Vulnerability Summary

Use-After-Free Vulnerability in ROS2 Nav2 Humble via Remote Request

Researchers found a use-after-free vulnerability in Open Robotics Robotic Operating System 2 (ROS2) and Nav2 Humble versions. It occurs in the nav2_amcl process and can be triggered remotely by sending a request that changes the value of the dynamic parameter `/amcl z_max`.

Vulnerable Product

openrobotics robot operating system 2