CVE-2023-51199

Buffer Overflow Vulnerability in ROS2 Foxy Fitzroy

Buffer Overflow

Critical (Base Score: 9.8)

The Open Source Robotics Foundation (OSRF)

ROS2 Foxy Fitzroy (ROS_VERSION=2 and ROS_PYTHON_VERSION=3)

A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Foxy Fitzroy. This critical issue arises from improper handling of arrays or strings within these components, posing a significant threat to system stability and security.

Code Execution: True; Other: The vulnerability can lead to system crash or instability, data corruption and loss, compromised security and privacy, and operational disruption.

The vulnerability can be exploited through various methods, including crafted input data, exploiting network interfaces, delivering malicious payloads, and local application exploitation.

Users should promptly update to the latest patched version of ROS2 Foxy Fitzroy to mitigate this vulnerability. It is important to ensure that all related components, particularly those written in C++, are also updated to secure versions.

If immediate updating is not feasible, users should enforce stringent input validation, enhance network interface security, and be vigilant against suspicious local application activities.

Confirmed and published.

Yash Patel and Dr. Parag Rughani

N/A