openrobotics 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は vendor impact memory corruption を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-3753 | A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.09% | 2025-07-17 | 2025-08-26 |
| CVE-2024-41921 | A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | [email protected] | 7.8 | 0.08% | 2025-07-17 | 2025-08-26 |
| CVE-2024-41148 | A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | [email protected] | 7.8 | 0.08% | 2025-07-17 | 2025-08-26 |
| CVE-2024-39835 | A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.10% | 2025-07-17 | 2025-08-26 |
| CVE-2024-39289 | A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.09% | 2025-07-17 | 2025-08-26 |
| CVE-2024-39780 | A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. | [email protected] | 7.8 | 1.10% | 2025-04-02 | 2025-08-26 |
| CVE-2024-44856 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | [email protected] | 7.5 | 0.17% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44855 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | [email protected] | 7.5 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44854 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | [email protected] | 7.5 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44853 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | [email protected] | 7.5 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44852 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | [email protected] | 9.8 | 0.18% | 2024-12-06 | 2024-12-17 |
| CVE-2024-41650 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | [email protected] | 9.8 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41649 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41648 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | [email protected] | 9.8 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41647 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41646 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41645 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41644 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-38927 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. | [email protected] | 9.8 | 0.14% | 2024-12-06 | 2024-12-17 |
| CVE-2024-38926 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. | [email protected] | 9.8 | 0.14% | 2024-12-06 | 2024-12-17 |