CVE-2024-37860

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Dec 5, 2024
Updated: Dec 6, 2024
CWE ID 94

Summary

CVE-2024-37860 is a buffer overflow vulnerability in Open Robotic Operating System 2 (ROS2), specifically in the navigation2 and navigation2-humble packages. A local attacker can use a maliciously crafted .yaml file to cause a buffer overflow in the nav2_amcl process. This allows the attacker to execute arbitrary code, potentially leading to serious system compromise. The vulnerability poses a significant risk to robotic systems using ROS2, and affected users are strongly recommended to apply the available patch as soon as possible.
