This page lists publicly disclosed CVE vulnerabilities affecting openrobotics robot_operating_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-38925 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` . | [email protected] | 9.8 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-38924 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` . | [email protected] | 9.8 | 0.53% | 2024-12-06 | 2026-06-17 |
| CVE-2024-38923 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` . | [email protected] | 9.8 | 0.53% | 2024-12-06 | 2026-06-17 |
| CVE-2024-38922 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose. | [email protected] | 9.8 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-38921 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` . | [email protected] | 9.8 | 0.57% | 2024-12-06 | 2026-06-17 |
| CVE-2024-30962 | Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process | [email protected] | 7.8 | 0.29% | 2024-12-05 | 2026-06-17 |
| CVE-2024-30961 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. | [email protected] | 7.8 | 0.30% | 2024-12-05 | 2026-06-17 |
| CVE-2024-25199 | Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free. | [email protected] | 8.1 | 0.58% | 2024-02-20 | 2026-06-17 |
| CVE-2024-25198 | Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free. | [email protected] | 9.1 | 0.71% | 2024-02-20 | 2026-06-17 |
| CVE-2024-25197 | Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp. | [email protected] | 6.5 | 0.68% | 2024-02-20 | 2026-06-17 |
| CVE-2024-25196 | Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file. | [email protected] | 3.3 | 0.29% | 2024-02-20 | 2026-06-17 |
| CVE-2020-10289 | Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for | [email protected] | 8.8 | 1.95% | 2020-08-20 | 2026-06-16 |