CVE-2024-41921 Information

Description

A code injection vulnerability has been discovered in the Robot Operating System (ROS) ‘rostopic’ command-line tool affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the ’echo’ verb which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the –filter option. This input is passed directly to the eval() function without sanitization allowing a local user to craft and execute arbitrary code.

Reference

https://www.ros.org/blog/noetic-eol/

Related CNNVD

CNNVD-202507-2338 (Published: 2025-07-17)