Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by opennav
CVE-2026-26011 (GCVE-0-2026-26011)
Vulnerability from nvd – Published: 2026-02-12 20:42 – Updated: 2026-02-13 17:14
VLAI
Title
Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution
Summary
navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set->clusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata(at least the size of the heap chunk where the set->clusters is in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ros-navigation/navigation2/sec… | x_refsource_CONFIRM |
| https://github.com/ros-navigation/navigation2/com… | x_refsource_MISC |
| https://github.com/ros-navigation/navigation2/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ros-navigation | navigation2 |
Affected:
<= 1.3.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26011",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T17:14:36.872087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T17:14:40.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "navigation2",
"vendor": "ros-navigation",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.3.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL\u0027s particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set-\u003eclusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata(at least the size of the heap chunk where the set-\u003eclusters is in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T20:42:50.758Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x"
},
{
"name": "https://github.com/ros-navigation/navigation2/commit/d09ea82477ce9234678a6febf6890235e0a7ce12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ros-navigation/navigation2/commit/d09ea82477ce9234678a6febf6890235e0a7ce12"
},
{
"name": "https://github.com/ros-navigation/navigation2/releases/tag/1.3.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ros-navigation/navigation2/releases/tag/1.3.11"
}
],
"source": {
"advisory": "GHSA-mgj5-g2p6-gc5x",
"discovery": "UNKNOWN"
},
"title": "Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26011",
"datePublished": "2026-02-12T20:42:50.758Z",
"dateReserved": "2026-02-09T21:36:29.553Z",
"dateUpdated": "2026-02-13T17:14:40.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25196 (GCVE-0-2024-25196)
Vulnerability from nvd – Published: 2024-02-20 00:00 – Updated: 2024-08-15 13:48
VLAI
Summary
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openrobotics | robot_operating_system |
Affected:
humble
cpe:2.3:o:openrobotics:robot_operating_system:humble:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/4005"
},
{
"tags": [
"x_transferred"
],
"url": "https://robotics.stackexchange.com/questions/106008/ros2nav2user-misconfiguration-of-parameters-may-cause-instantaneous-crashs"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4017"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openrobotics:robot_operating_system:humble:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_operating_system",
"vendor": "openrobotics",
"versions": [
{
"status": "affected",
"version": "humble"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25196",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T18:36:55.527849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:48:00.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:29.821Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/4005"
},
{
"url": "https://robotics.stackexchange.com/questions/106008/ros2nav2user-misconfiguration-of-parameters-may-cause-instantaneous-crashs"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25196",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-15T13:48:00.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25197 (GCVE-0-2024-25197)
Vulnerability from nvd – Published: 2024-02-20 00:00 – Updated: 2024-10-29 20:06
VLAI
Summary
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-476 - NULL Pointer Dereference
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T17:12:51.160399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:06:53.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3940"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3958"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3971"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:31.558Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/3940"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3958"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3971"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3972"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25197",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-10-29T20:06:53.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25199 (GCVE-0-2024-25199)
Vulnerability from nvd – Published: 2024-02-20 00:00 – Updated: 2024-08-29 13:39
VLAI
Summary
Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openrobotics | robot_operating_system |
Affected:
2
cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4078"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4079"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_operating_system",
"vendor": "openrobotics",
"versions": [
{
"status": "affected",
"version": "2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25199",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T17:46:08.498242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T13:39:39.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:33.767Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4078"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25199",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-29T13:39:39.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25198 (GCVE-0-2024-25198)
Vulnerability from nvd – Published: 2024-02-20 00:00 – Updated: 2024-08-01 23:36
VLAI
Summary
Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openrobotics | robot_operating_system |
Affected:
2
cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_operating_system",
"vendor": "openrobotics",
"versions": [
{
"status": "affected",
"version": "2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T14:07:17.094507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:27:49.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4068"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4070"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:32.939Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/pull/4068"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4070"
},
{
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25198",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-01T23:36:21.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-26011 (GCVE-0-2026-26011)
Vulnerability from cvelistv5 – Published: 2026-02-12 20:42 – Updated: 2026-02-13 17:14
VLAI
Title
Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution
Summary
navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set->clusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata(at least the size of the heap chunk where the set->clusters is in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ros-navigation/navigation2/sec… | x_refsource_CONFIRM |
| https://github.com/ros-navigation/navigation2/com… | x_refsource_MISC |
| https://github.com/ros-navigation/navigation2/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ros-navigation | navigation2 |
Affected:
<= 1.3.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26011",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T17:14:36.872087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T17:14:40.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "navigation2",
"vendor": "ros-navigation",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.3.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL\u0027s particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set-\u003eclusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata(at least the size of the heap chunk where the set-\u003eclusters is in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T20:42:50.758Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x"
},
{
"name": "https://github.com/ros-navigation/navigation2/commit/d09ea82477ce9234678a6febf6890235e0a7ce12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ros-navigation/navigation2/commit/d09ea82477ce9234678a6febf6890235e0a7ce12"
},
{
"name": "https://github.com/ros-navigation/navigation2/releases/tag/1.3.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ros-navigation/navigation2/releases/tag/1.3.11"
}
],
"source": {
"advisory": "GHSA-mgj5-g2p6-gc5x",
"discovery": "UNKNOWN"
},
"title": "Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26011",
"datePublished": "2026-02-12T20:42:50.758Z",
"dateReserved": "2026-02-09T21:36:29.553Z",
"dateUpdated": "2026-02-13T17:14:40.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25196 (GCVE-0-2024-25196)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-08-15 13:48
VLAI
Summary
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openrobotics | robot_operating_system |
Affected:
humble
cpe:2.3:o:openrobotics:robot_operating_system:humble:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/4005"
},
{
"tags": [
"x_transferred"
],
"url": "https://robotics.stackexchange.com/questions/106008/ros2nav2user-misconfiguration-of-parameters-may-cause-instantaneous-crashs"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4017"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openrobotics:robot_operating_system:humble:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_operating_system",
"vendor": "openrobotics",
"versions": [
{
"status": "affected",
"version": "humble"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25196",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T18:36:55.527849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:48:00.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:29.821Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/4005"
},
{
"url": "https://robotics.stackexchange.com/questions/106008/ros2nav2user-misconfiguration-of-parameters-may-cause-instantaneous-crashs"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25196",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-15T13:48:00.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25197 (GCVE-0-2024-25197)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-10-29 20:06
VLAI
Summary
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-476 - NULL Pointer Dereference
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T17:12:51.160399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:06:53.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3940"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3958"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3971"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/issues/3972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:31.558Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/3940"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3958"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3971"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3972"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25197",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-10-29T20:06:53.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25199 (GCVE-0-2024-25199)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-08-29 13:39
VLAI
Summary
Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openrobotics | robot_operating_system |
Affected:
2
cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4078"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4079"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_operating_system",
"vendor": "openrobotics",
"versions": [
{
"status": "affected",
"version": "2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25199",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T17:46:08.498242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T13:39:39.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:33.767Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4078"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25199",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-29T13:39:39.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25198 (GCVE-0-2024-25198)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-08-01 23:36
VLAI
Summary
Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openrobotics | robot_operating_system |
Affected:
2
cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openrobotics:robot_operating_system:2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_operating_system",
"vendor": "openrobotics",
"versions": [
{
"status": "affected",
"version": "2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T14:07:17.094507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:27:49.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4068"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/pull/4070"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T13:30:32.939Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/pull/4068"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4070"
},
{
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25198",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-01T23:36:21.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}