CVE-2024-25199 Information

Description

Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

Reference

https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344 https://github.com/ros-planning/navigation2/pull/4078 https://github.com/ros-planning/navigation2/pull/4079