CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
| Software | From | Fixed in |
|---|---|---|
| openrobotics / robot_operating_system | indigo_igloo | indigo_igloo.x |
| openrobotics / robot_operating_system | kinetic_kame | kinetic_kame.x |
| openrobotics / robot_operating_system | melodic_morenia | melodic_morenia.x |
| openrobotics / robot_operating_system | noetic_ninjemys | noetic_ninjemys.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime