CVE-2024-25197 - Vulnerability Details - OpenCVE

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Opennav	Nav2
Openrobotics	Robot Operating System

Configuration 1 [-]

cpe:2.3:a:opennav:nav2:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:openrobotics:robot_operating_system:2:humble:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ros-planning/navigation2/issues/3940
https://github.com/ros-planning/navigation2/issues/3958
https://github.com/ros-planning/navigation2/issues/3971
https://github.com/ros-planning/navigation2/issues/3972

History

Wed, 02 Apr 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opennav Opennav nav2 Openrobotics Openrobotics robot Operating System
CPEs		cpe:2.3:a:opennav:nav2:::::::: cpe:2.3:o:openrobotics:robot_operating_system:2:humble::::::
Vendors & Products		Opennav Opennav nav2 Openrobotics Openrobotics robot Operating System

Tue, 29 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-20T00:00:00

Updated: 2024-10-29T20:06:53.124Z

Reserved: 2024-02-07T00:00:00

Link: CVE-2024-25197

Vulnrichment

Updated: 2024-08-01T23:36:21.923Z

NVD

Status : Analyzed

Published: 2024-02-20T14:15:09.213

Modified: 2025-04-02T20:15:52.543

Link: CVE-2024-25197

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-25197", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-29T20:06:53.124Z", "dateReserved": "2024-02-07T00:00:00", "datePublished": "2024-02-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-20T13:30:31.558644"}, "descriptions": [{"lang": "en", "value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ros-planning/navigation2/issues/3940"}, {"url": "https://github.com/ros-planning/navigation2/issues/3958"}, {"url": "https://github.com/ros-planning/navigation2/issues/3971"}, {"url": "https://github.com/ros-planning/navigation2/issues/3972"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-20T17:12:51.160399Z", "id": "CVE-2024-25197", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T20:06:53.124Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.923Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/ros-planning/navigation2/issues/3940", "tags": ["x_transferred"]}, {"url": "https://github.com/ros-planning/navigation2/issues/3958", "tags": ["x_transferred"]}, {"url": "https://github.com/ros-planning/navigation2/issues/3971", "tags": ["x_transferred"]}, {"url": "https://github.com/ros-planning/navigation2/issues/3972", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/ros-planning/navigation2/issues/3940", "tags": ["x_transferred"]}, {"url": "https://github.com/ros-planning/navigation2/issues/3958", "tags": ["x_transferred"]}, {"url": "https://github.com/ros-planning/navigation2/issues/3971", "tags": ["x_transferred"]}, {"url": "https://github.com/ros-planning/navigation2/issues/3972", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.923Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25197", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-20T17:12:51.160399Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.951Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/ros-planning/navigation2/issues/3940"}, {"url": "https://github.com/ros-planning/navigation2/issues/3958"}, {"url": "https://github.com/ros-planning/navigation2/issues/3971"}, {"url": "https://github.com/ros-planning/navigation2/issues/3972"}], "descriptions": [{"lang": "en", "value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-20T13:30:31.558644"}}}, "cveMetadata": {"cveId": "CVE-2024-25197", "state": "PUBLISHED", "dateUpdated": "2024-10-29T20:06:53.124Z", "dateReserved": "2024-02-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-20T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opennav:nav2:*:*:*:*:*:*:*:*", "matchCriteriaId": "18644CD5-646B-4BE6-9A1A-7EFC1A5E2D7B", "versionEndIncluding": "1.1.17", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openrobotics:robot_operating_system:2:humble:*:*:*:*:*:*", "matchCriteriaId": "398C733B-4A50-4297-B424-74D99AB48C70", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp."}, {"lang": "es", "value": "Se descubri\u00f3 que las versiones humildes de Open Robotics Robotic Operating Sytstem 2 (ROS2) y Nav2 conten\u00edan una desreferencia de puntero NULL a trav\u00e9s de la funci\u00f3n isCurrent() en /src/layered_costmap.cpp."}], "id": "CVE-2024-25197", "lastModified": "2025-04-02T20:15:52.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-20T14:15:09.213", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/ros-planning/navigation2/issues/3940"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/ros-planning/navigation2/issues/3958"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/ros-planning/navigation2/issues/3971"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/ros-planning/navigation2/issues/3972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/ros-planning/navigation2/issues/3940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/ros-planning/navigation2/issues/3958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/ros-planning/navigation2/issues/3971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/ros-planning/navigation2/issues/3972"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}