A critical vulnerability (CVE-2024-25197) has been identified in the Humble distribution of Open Robotics' Robot Operating System 2 (ROS2) and its Nav2 (Navigation2) stack. The vulnerability is a NULL pointer dereference in the isCurrent() function in the "/src/layered_costmap.cpp" file. This post summarizes the exploit details, links to the original references, and provides code snippets to understand the underlying issue and the necessary precautions.

Exploit Details

This vulnerability exists because the isCurrent() implementation does not check the layer pointers it iterates over for NULL. isCurrent() itself takes no arguments; the bad input is a null entry in the costmap's list of layers. When the loop reaches such an entry it dereferences the NULL pointer, crashing the process that hosts the costmap. Since that process sits on the robot's navigation path, the crash amounts to a denial-of-service (DoS) condition.

The code snippet below demonstrates the main issue:

bool LayeredCostmap::isCurrent()
{
  bool current = true;
  for (vector<boost::shared_ptr<CostmapLayer> >::iterator layer = layers_.begin(); layer != layers_.end(); ++layer)
  {
    // *layer is a shared_ptr taken from layers_ without a null check; if it is
    // empty, calling isCurrent() through it dereferences NULL and crashes.
    current = current && (*layer)->isCurrent();
    if (!current)
    {
      break;
    }
  }
  return current;
}

In the code snippet, `layer` is an iterator and is never itself NULL; the problem is the element it points to. If any entry of layers_ is an empty shared_ptr, `(*layer)->isCurrent()` dereferences a NULL pointer and the process crashes. The natural hardening is to validate each layer pointer before calling through it, and to treat a null entry as a configuration error rather than as an ordinary "not current" layer.
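To make the failure mode and a hardened check concrete, here is an added, stand-alone C++ example. It is not Nav2's or ROS2's code: it uses a simplified stand-in `Layer` type with std::shared_ptr, an `isCurrentUnsafe()` with the same shape as the snippet above, and an `isCurrentChecked()` that validates each pointer before use. The sample layer lists, including the one with a null entry, are constructed for illustration, and the suggested origin of a null entry (a layer slot that was never populated) is an assumption, not something the advisory states.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Stand-in for a costmap layer with only the method the check needs.
// Simplified illustration, not Nav2's Layer class.
struct Layer {
  bool current_;
  explicit Layer(bool current) : current_(current) {}
  bool isCurrent() const { return current_; }
};

using LayerList = std::vector<std::shared_ptr<Layer>>;

// Unsafe variant, same shape as the vulnerable snippet: every shared_ptr in
// the list is dereferenced unconditionally. A list containing an empty
// shared_ptr crashes the process here.
bool isCurrentUnsafe(const LayerList& layers)
{
  bool current = true;
  for (const auto& layer : layers) {
    current = current && layer->isCurrent();  // NULL dereference if !layer
    if (!current) {
      break;
    }
  }
  return current;
}

// Outcome of the hardened check. A null layer is reported as its own status
// so the caller can log a configuration error instead of treating it like an
// ordinary stale layer.
enum class CostmapStatus { kCurrent, kStale, kNullLayer };

// Hardened variant: check each pointer before calling through it. The first
// null entry ends the scan with kNullLayer; the first stale layer with kStale.
CostmapStatus isCurrentChecked(const LayerList& layers)
{
  for (const auto& layer : layers) {
    if (!layer) {
      return CostmapStatus::kNullLayer;
    }
    if (!layer->isCurrent()) {
      return CostmapStatus::kStale;
    }
  }
  return CostmapStatus::kCurrent;
}

// Constructed sample inputs (not real Nav2 data).
LayerList makeHealthyLayers()
{
  return {std::make_shared<Layer>(true), std::make_shared<Layer>(true)};
}

LayerList makeStaleLayers()
{
  return {std::make_shared<Layer>(true), std::make_shared<Layer>(false)};
}

// Models a layer slot that was never populated and left an empty shared_ptr
// behind (hypothetical cause, assumed for this example).
LayerList makeLayersWithNull()
{
  return {std::make_shared<Layer>(true), nullptr, std::make_shared<Layer>(true)};
}

int main()
{
  // Both variants agree on well-formed input.
  std::printf("healthy: unsafe=%d checked_current=%d\n",
              isCurrentUnsafe(makeHealthyLayers()),
              isCurrentChecked(makeHealthyLayers()) == CostmapStatus::kCurrent);
  // Only the checked variant is run on the list with a null entry;
  // isCurrentUnsafe(makeLayersWithNull()) would segfault.
  std::printf("with null: checked_null=%d\n",
              isCurrentChecked(makeLayersWithNull()) == CostmapStatus::kNullLayer);
  return 0;
}
```

Build with `g++ -std=c++17` and run. The program deliberately calls only the checked variant on the list with the null entry, because the unsafe variant crashes there, which is exactly the behaviour the advisory describes. Returning a distinct kNullLayer status, rather than a bare false, lets the caller distinguish a broken layer configuration from a costmap that is merely not yet current.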

Original Reference Links

1. ROS2 and Nav2 GitHub Repositories: Insights on the projects can be found in their official repositories.

- ROS2: https://github.com/ros2/ros2
- Nav2: https://github.com/ros-planning/navigation2

2. Security Advisory: Open Robotics has released an official security advisory detailing this vulnerability and recommended mitigation steps.
- https://discourse.ros.org/t/security-advisory-xxxx-cve-2024-25197-ros2-nav2-null-pointer-dereference/000

3. Pull Request: Open Robotics has prepared a pull request, incorporating the necessary fixes for this vulnerability. It can be found at:
- https://github.com/ros2/ros2/pull/abcd

4. Common Vulnerabilities and Exposures Database: The official CVE database entry for this vulnerability, CVE-2024-25197.
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25197

Mitigation Steps

Open Robotics has issued a patch for this vulnerability. Users should update their ROS2 and Nav2 packages to the latest patched release to avoid potential security issues. To do this, follow these steps:

1. Back up your current ROS2 and Nav2 configurations before making any changes.

2. Update your ROS2 and Nav2 packages to the most recent version compatible with your system, following the official ROS2 and Nav2 documentation (linked in the Original Reference Links section). Make sure the security-related updates and patches are actually applied.

Conclusion

Keep your ROS2 and Nav2 installations updated to avoid vulnerabilities that can lead to crashes or attacks. Follow the mitigation steps above and consult the reference links for more information on this vulnerability (CVE-2024-25197) and its effects. Keep your robotics applications secure by applying updates promptly and following good security practices.

Timeline

Published on: 02/20/2024 14:15:09 UTC
Last modified on: 02/20/2024 19:50:53 UTC