CVE-2024-25196 is a critical buffer overflow vulnerability discovered in Open Robotics’ Robotic Operating System 2 (ROS2) and the Navigation2 (Nav2) framework, specifically in the Humble version. The issue occurs in the nav2_controller process when it processes .yaml configuration files. A specially crafted .yaml file with excessively large data can cause the allocated buffer to overflow, potentially leading to application crashes or remote code execution. The ROS2 and Nav2 Humble versions are specifically impacted.
Open Robotics has addressed this issue with updated releases for ROS2 and Nav2. We strongly recommend to update your systems to the latest patched versions and ensure .yaml files come from trusted sources.
See more details on: