CVE-2024-38920
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Dec 5, 2024
Updated: Dec 6, 2024
CWE ID 416
Summary
CVE-2024-38920 is a use-after-free vulnerability affecting Open Robotics Robotic Operating System 2 (ROS2) and Nav2 Humble versions. The issue occurs in the nav2_amcl process and can be triggered remotely by changing the value of the dynamic parameter `/amcl max_beams`. On receiving such a request, the affected software may continue to use a previously freed memory location, which can lead to unpredictable behavior or system crashes and creates a potential security risk.