Vulnerabilities for 'Ros-comm'

2021-09-28
 
CVE-2021-37146

CWE-835
 

 
An infinite loop in the Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.

 
2019-12-30
 
CVE-2019-13465

CWE-119
 

 
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.

 
 
CVE-2019-13445

CWE-190
 

 
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.

 
2019-11-22
 
CVE-2019-13566

CWE-120
 

 
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname.

 



Copyright 2024, cxsecurity.com

 
