CVE-2019-13566

Published: Nov 22, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname.

Affected (1)

Products: Ros: Ros Comm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ros Ros Comm	Up to 1.14.3

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

https://github.com/ros/ros_comm/issues/1735

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ros/ros_comm/issues/1752

Source: cve@mitre.org

https://github.com/ros/ros_comm/pull/1771

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ros/ros_comm/issues/1735

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/ros/ros_comm/issues/1752

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ros/ros_comm/pull/1771

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.