CVE-2024-37862

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Dec 5, 2024
Updated: Dec 6, 2024
CWE ID 94

Summary

CVE-2024-37862 is a buffer overflow vulnerability affecting Open Robotic Operating System 2 (ROS2) and its navigation2 package, specifically the navigation2-humble component. A crafted .yaml file, executed locally, can trigger the issue in the nav2_planner process, allowing an attacker to execute arbitrary code. The vulnerability poses a significant risk to ROS2-based robotic systems and should be patched promptly.
