汇总 openrobotics 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 内存损坏与缓冲区溢出 等问题,部分漏洞可能导致 内存损坏,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-3753 | A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.19% | 2025-07-17 | 2026-06-17 |
| CVE-2024-41921 | A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | [email protected] | 7.8 | 0.18% | 2025-07-17 | 2026-06-17 |
| CVE-2024-41148 | A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | [email protected] | 7.8 | 0.18% | 2025-07-17 | 2026-06-17 |
| CVE-2024-39835 | A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.17% | 2025-07-17 | 2026-06-17 |
| CVE-2024-39289 | A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.17% | 2025-07-17 | 2026-06-17 |
| CVE-2024-39780 | A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.33% | 2025-04-02 | 2026-06-17 |
| CVE-2024-44856 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | [email protected] | 7.5 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-44855 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | [email protected] | 7.5 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-44854 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | [email protected] | 7.5 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-44853 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | [email protected] | 7.5 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-44852 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | [email protected] | 9.8 | 0.58% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41650 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | [email protected] | 9.8 | 0.47% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41649 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | [email protected] | 9.8 | 0.68% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41648 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | [email protected] | 9.8 | 0.47% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41647 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | [email protected] | 9.8 | 0.68% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41646 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | [email protected] | 9.8 | 0.68% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41645 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | [email protected] | 9.8 | 0.68% | 2024-12-06 | 2026-06-17 |
| CVE-2024-41644 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | [email protected] | 9.8 | 0.68% | 2024-12-06 | 2026-06-17 |
| CVE-2024-38927 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. | [email protected] | 9.8 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-38926 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. | [email protected] | 9.8 | 0.56% | 2024-12-06 | 2026-06-17 |