CVE-2024-25198 Information

Feb 21, 2024 cve

Description

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

Reference

https://github.com/ros-planning/navigation2/pull/4068 https://github.com/ros-planning/navigation2/pull/4070 https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344

Share on: