Robot Operating System

robot_operating_system

Vendor: Openrobotics • 32 CVEs

CVEs (32)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-3753 1Openrobotics 1Robot Operating System Aug 26, 2025 Jul 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function...Show more A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.Show less
CVE-2024-41921 1Openrobotics 1Robot Operating System Aug 26, 2025 Jul 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, whi...Show more A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.Show less
CVE-2024-41148 1Openrobotics 1Robot Operating System Aug 26, 2025 Jul 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which...Show more A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.Show less
CVE-2024-39835 1Openrobotics 1Robot Operating System Aug 26, 2025 Jul 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the...Show more A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code.Show less
CVE-2024-39289 1Openrobotics 1Robot Operating System Aug 26, 2025 Jul 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function...Show more A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.Show less
CVE-2024-39780 1Openrobotics 1Robot Operating System Aug 26, 2025 Apr 2, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distribut...Show more A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code.Show less
CVE-2024-44856 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().
CVE-2024-44855 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().
CVE-2024-44854 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan().
CVE-2024-44853 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl().
CVE-2024-44852 1Openrobotics 1Robot Operating System Dec 17, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().
CVE-2024-41650 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d.
CVE-2024-41649 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.
CVE-2024-41648 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller.
CVE-2024-41647 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
CVE-2024-41646 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.
CVE-2024-41645 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.
CVE-2024-41644 1Openrobotics 1Robot Operating System Dec 13, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.
CVE-2024-38927 1Openrobotics 1Robot Operating System Dec 17, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the...Show more Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`.Show less
CVE-2024-38926 1Openrobotics 1Robot Operating System Dec 17, 2024 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change th...Show more Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.Show less

12 Next