CVE-2024-25197

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-25197

CWE

https://cwe.mitre.org/data/definitions/476.html

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Nav2	Opennav	1.1.0 (including)	1.1.17 (including)

Potential Mitigations

References

https://github.com/ros-planning/navigation2/issues/3940
https://github.com/ros-planning/navigation2/issues/3958
https://github.com/ros-planning/navigation2/issues/3971
https://github.com/ros-planning/navigation2/issues/3972
https://github.com/ros-planning/navigation2/issues/3940
https://github.com/ros-planning/navigation2/issues/3958
https://github.com/ros-planning/navigation2/issues/3971
https://github.com/ros-planning/navigation2/issues/3972

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References