Vulnerability Information
Although this entry is produced with the help of large language model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify against the actual situation before relying on it.
Vulnerability Title
Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution
Vulnerability Description
navigation2 (Nav2) is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write exists in Nav2 AMCL's particle filter clustering logic (`pf_cluster_stats()`). By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative-index write (set->clusters[-1]) into the heap memory immediately preceding the allocated clusters buffer. The only boundary check is an assert(), which is compiled out when NDEBUG is defined, as it is in Release builds, leaving zero runtime protection. The write corrupts whatever precedes the buffer, including the heap chunk metadata: at least the size field of the chunk containing set->clusters is attacker-controllable, which may enable further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation. Note that reaching the topic requires only network access to the DDS domain; unless DDS-Security (SROS 2) is enabled, no authentication stands in the way.
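The following is an added illustrative example, not Nav2's own code, showing the two-sided pattern the description names: a clustering loop whose only lower-bound check is an assert() (gone under -DNDEBUG, so a cluster id of -1 writes to the element before the array) beside a hardened loop with an explicit runtime range check, plus an ingress check on the incoming covariance. The names `sample_t`, `cluster_t`, `lookup_cluster()`, `cluster_stats_assert_only()`, `cluster_stats_checked()` and `covariance_is_sane()` are stand-ins, and the assumption that a sample with non-finite coordinates (the kind extreme covariance values produce once sampled) is the case the lookup cannot place and reports as -1 is mine, not a statement about Nav2's kd-tree.

```c
/* Added example (not Nav2 code). Demonstrates why an assert() is not a
 * bounds check in a Release build and what the runtime check looks like. */
#include <assert.h>
#include <math.h>
#include <stddef.h>
#include <string.h>

#define CLUSTER_MAX 4
#define COV_DIM 36   /* PoseWithCovariance carries a 6x6 row-major matrix */

typedef struct { double x, y, yaw, weight; } sample_t;
typedef struct { int count; double weight; } cluster_t;

/* Stand-in for the cluster lookup. ASSUMPTION: a sample whose pose is not
 * finite cannot be placed and is reported as -1, mirroring the negative
 * index named in the advisory. Very large finite poses map out of range
 * on the high side, which the loops below already tolerate. */
static int lookup_cluster(const sample_t *s)
{
  if (!isfinite(s->x) || !isfinite(s->y) || !isfinite(s->yaw)) {
    return -1;
  }
  double ax = s->x < 0.0 ? -s->x : s->x;
  if (ax >= 1e9) {
    return CLUSTER_MAX;                 /* out of range high: skipped, not written */
  }
  return (int)ax % CLUSTER_MAX;         /* toy cluster assignment */
}

/* Vulnerable pattern: assert() is the only lower-bound check. With NDEBUG
 * defined (Release builds) it compiles to nothing, and cidx == -1 becomes a
 * write to clusters[-1], i.e. the memory preceding the array. Never call
 * this on attacker-influenced samples; it is here for comparison only. */
int cluster_stats_assert_only(cluster_t *clusters, const sample_t *samples, size_t n)
{
  int placed = 0;
  for (size_t i = 0; i < n; i++) {
    int cidx = lookup_cluster(&samples[i]);
    assert(cidx >= 0);                  /* removed by -DNDEBUG */
    if (cidx >= CLUSTER_MAX) {
      continue;                         /* only the upper bound survives */
    }
    clusters[cidx].count += 1;          /* clusters[-1] when cidx == -1 */
    clusters[cidx].weight += samples[i].weight;
    placed++;
  }
  return placed;
}

/* Hardened pattern: an explicit runtime check on both bounds. Unplaceable
 * samples are counted and skipped instead of indexing before the array. */
int cluster_stats_checked(cluster_t *clusters, const sample_t *samples, size_t n,
                          int *skipped)
{
  int placed = 0;
  *skipped = 0;
  for (size_t i = 0; i < n; i++) {
    int cidx = lookup_cluster(&samples[i]);
    if (cidx < 0 || cidx >= CLUSTER_MAX) {
      (*skipped)++;
      continue;
    }
    clusters[cidx].count += 1;
    clusters[cidx].weight += samples[i].weight;
    placed++;
  }
  return placed;
}

/* Ingress check for an /initialpose covariance before it reaches the filter.
 * ASSUMED policy, not Nav2's: every entry finite; the x, y and yaw variances
 * (diagonal indices 0, 7 and 35) non-negative and below a configured ceiling. */
int covariance_is_sane(const double cov[COV_DIM], double max_var)
{
  for (int i = 0; i < COV_DIM; i++) {
    if (!isfinite(cov[i])) {
      return 0;
    }
  }
  const int diag[3] = {0, 7, 35};
  for (int k = 0; k < 3; k++) {
    double v = cov[diag[k]];
    if (v < 0.0 || v > max_var) {
      return 0;
    }
  }
  return 1;
}
```

The ingress check is the cheaper place to stop this class of input, but it does not replace the bounds check in the loop: any other path that yields an unplaceable sample would still reach `clusters[-1]` in the assert-only version, so both belong in a fix.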
CVSS Information
N/A
Vulnerability Type
Out-of-bounds Write
Vulnerability Title
Nav2 Buffer Error Vulnerability
Vulnerability Description
Nav2 is the ROS community's navigation framework and system for ROS 2. Nav2 1.3.11 and earlier contain a buffer error vulnerability. The flaw originates in Nav2 AMCL's particle filter clustering logic, where a heap out-of-bounds write can lead to heap memory corruption and denial of service.
CVSS Information
N/A
Vulnerability Type
N/A