CVE-2024-44852

CRITICAL

Published Dec 6, 2024 Modified Dec 17, 2024 CWE-763

Description

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-763 CWE-763

Affected Products

Vendor	Product	Versions
openrobotics	robot_operating_system	All
openrobotics	robot_operating_system	All

References

Exploits

https://github.com/open-navigation/navigation2/issues/4464 https://github.com/open-navigation/navigation2/issues/4464

Other References

https://github.com/GoesM/ROS-CVE-CNVDs https://github.com/ros-navigation/navigation2/pull/4463

Frequently Asked Questions

What is CVE-2024-44852? +

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). It has a CVSS v3.1 base score of 9.8 (CRITICAL).

How severe is CVE-2024-44852? +

CVE-2024-44852 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2024-44852? +

CVE-2024-44852 affects products from openrobotics, specifically: robot_operating_system. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-44852? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-13824

A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault …

CVE-2025-25215 8.8

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior …

CVE-2024-6607 8.8

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a …

CVE-2023-43532 8.4

Memory corruption while reading ACPI config through the user mode app.

CVE-2021-47087 7.8

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the …

CVE-2024-2955 7.8

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or …

Quick Facts

CVSS Score: 9.8
Severity: CRITICAL
Published: Dec 6, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-44852.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →