CVE-2024-25198

Published: Feb 20, 2024Modified: Apr 2, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

Affected (2)

Products: Opennav: Nav2 · Openrobotics: Robot Operating System

Opennav

1 product

Nav2

Openrobotics

1 product

Robot Operating System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opennav Nav2	From 1.1.0 to 1.1.17

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Openrobotics Robot Operating System	Version 2 humble

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (6)

https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344

Source: cve@mitre.org

Product

https://github.com/ros-planning/navigation2/pull/4068

Source: cve@mitre.org

ExploitIssue TrackingPatch

https://github.com/ros-planning/navigation2/pull/4070

Source: cve@mitre.org

Issue TrackingPatch

https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/ros-planning/navigation2/pull/4068

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatch

https://github.com/ros-planning/navigation2/pull/4070

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.