CNNVD-202602-2073 Information
CNNVD ID
CNNVD-202602-2073
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
Nav2是ROS社区的适用于ROS2的导航框架和系统。 Nav2 1.3.11及之前版本存在缓冲区错误漏洞,该漏洞源于Nav2 AMCL的粒子滤波器聚类逻辑中存在堆越界写入漏洞,可能导致堆内存损坏和拒绝服务。
Description (English)
Nav2 is the navigation framework and system for ROS2 in the ROS community. Nav2 1.3.11 and previous versions had an error loophole in the buffer zone, which originated in the particle filter cluster logic of Nav2 AMCL, with piles of cross-border writing gaps that could lead to damage to the memory and denial of services.
Vulnerability Type
缓冲区错误
Affected Vendor
ROS
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/ros-navigation/navigation2/commit/d09ea82477ce9234678a6febf6890235e0a7ce12 https://github.com/ros-navigation/navigation2/releases/tag/1.3.11 https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6-gc5x
Patch
https://github.com/ros-navigation/navigation2/releases
Share on: