9.8
CVSSv3

CVE-2024-38926

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.0007 | KEV: Not Included
Published: 06/12/2024 Updated: 17/12/2024

Vulnerability Summary

Use-After-Free Vulnerability in ROS2 Nav2's Dynamic Parameter Handling

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions have a vulnerability called use-after-free. This happens in the nav2_amcl process. It can be triggered remotely by sending a request to change the value of the dynamic parameter `/amcl z_short`.

Vulnerable Product Search on Vulmon Subscribe to Product

openrobotics robot operating system 2