CVE-2024-37863

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 5, 2024
Updated: Dec 6, 2024
CWE ID 120

Summary

CVE-2024-37863 is a newly discovered buffer overflow vulnerability affecting the Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions. The issue is caused by a flaw in the nav2_amcl process, which can be exploited by sending a specially crafted .yaml file. If successful, the attacker can overwrite memory buffers, potentially leading to arbitrary code execution or system crashes. This vulnerability poses a significant risk to organizations and individuals using these robotics systems and requires immediate attention and patches to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share