CVE-2024-41148 Information

Description

A code injection vulnerability has been discovered in the Robot Operating System (ROS) ‘rostopic’ command-line tool affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the ‘hz’ verb which reports the publishing rate of a topic and accepts a user-provided Python expression via the –filter option. This input is passed directly to the eval() function without sanitization allowing a local user to craft and execute arbitrary code.

Reference

https://www.ros.org/blog/noetic-eol/

Related CNNVD

CNNVD-202507-2337 (Published: 2025-07-17)