CVE-2024-25197

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ros-planning/navigation2/issues/3940	Exploit Issue Tracking
https://github.com/ros-planning/navigation2/issues/3958	Exploit Issue Tracking Patch
https://github.com/ros-planning/navigation2/issues/3971	Exploit Issue Tracking Patch
https://github.com/ros-planning/navigation2/issues/3972	Exploit Issue Tracking Patch
https://github.com/ros-planning/navigation2/issues/3940	Exploit Issue Tracking
https://github.com/ros-planning/navigation2/issues/3958	Exploit Issue Tracking Patch
https://github.com/ros-planning/navigation2/issues/3971	Exploit Issue Tracking Patch
https://github.com/ros-planning/navigation2/issues/3972	Exploit Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:opennav:nav2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:openrobotics:robot_operating_system:2:humble:*:*:*:*:*:*

History

02 Apr 2025, 20:15

Type	Values Removed	Values Added
First Time		Opennav Opennav nav2 Openrobotics robot Operating System Openrobotics
CPE		cpe:2.3:a:opennav:nav2:::::::: cpe:2.3:o:openrobotics:robot_operating_system:2:humble::::::
References	~~() https://github.com/ros-planning/navigation2/issues/3940 -~~	() https://github.com/ros-planning/navigation2/issues/3940 - Exploit, Issue Tracking
References	~~() https://github.com/ros-planning/navigation2/issues/3958 -~~	() https://github.com/ros-planning/navigation2/issues/3958 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/ros-planning/navigation2/issues/3971 -~~	() https://github.com/ros-planning/navigation2/issues/3971 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/ros-planning/navigation2/issues/3972 -~~	() https://github.com/ros-planning/navigation2/issues/3972 - Exploit, Issue Tracking, Patch

21 Nov 2024, 09:00

Type	Values Removed	Values Added
References	~~() https://github.com/ros-planning/navigation2/issues/3940 -~~	() https://github.com/ros-planning/navigation2/issues/3940 -
References	~~() https://github.com/ros-planning/navigation2/issues/3958 -~~	() https://github.com/ros-planning/navigation2/issues/3958 -
References	~~() https://github.com/ros-planning/navigation2/issues/3971 -~~	() https://github.com/ros-planning/navigation2/issues/3971 -
References	~~() https://github.com/ros-planning/navigation2/issues/3972 -~~	() https://github.com/ros-planning/navigation2/issues/3972 -

29 Oct 2024, 20:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
Summary		(es) Se descubrió que las versiones humildes de Open Robotics Robotic Operating Sytstem 2 (ROS2) y Nav2 contenían una desreferencia de puntero NULL a través de la función isCurrent() en /src/layered_costmap.cpp.
CWE		CWE-476

20 Feb 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-20 14:15

Updated : 2025-04-02 20:15

NVD link : CVE-2024-25197

Mitre link : CVE-2024-25197

CVE.ORG link : CVE-2024-25197

JSON object : View

Products Affected

opennav

nav2

openrobotics

robot_operating_system

CWE

CWE-476

NULL Pointer Dereference

6.5 /10