ByteOS Network

Vulnerability Details :

CVE-2024-38910

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-05 Dec, 2024 | 00:00

Updated At-06 Dec, 2024 | 19:39

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:05 Dec, 2024 | 00:00

Updated At:06 Dec, 2024 | 19:39

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/ros-navigation/navigation2/issues/4379	N/A
https://github.com/ros-navigation/navigation2/pull/4397	N/A
https://github.com/GoesM/ROS-CVE-CNVDs	N/A

Hyperlink: https://github.com/ros-navigation/navigation2/issues/4379

Resource: N/A

Hyperlink: https://github.com/ros-navigation/navigation2/pull/4397

Resource: N/A

Hyperlink: https://github.com/GoesM/ROS-CVE-CNVDs

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Vendor

open_robotics

Product

ros2

CPEs

cpe:2.3:o:open_robotics:ros2:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

open_robotics

Product

nav2_humble

CPEs

cpe:2.3:o:open_robotics:nav2_humble:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-416	CWE-416 Use After Free

Type: CWE

CWE ID: CWE-416

Description: CWE-416 Use After Free

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:05 Dec, 2024 | 23:15

Updated At:06 Dec, 2024 | 20:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CWE ID	Type	Source
CWE-416	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-416

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/GoesM/ROS-CVE-CNVDs	cve@mitre.org	N/A
https://github.com/ros-navigation/navigation2/issues/4379	cve@mitre.org	N/A
https://github.com/ros-navigation/navigation2/pull/4397	cve@mitre.org	N/A

Hyperlink: https://github.com/GoesM/ROS-CVE-CNVDs

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://github.com/ros-navigation/navigation2/issues/4379

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://github.com/ros-navigation/navigation2/pull/4397

Source: cve@mitre.org

Resource: N/A

CVE-2024-38910

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs