漏洞标题
N/A
漏洞描述信息
通过1.14.3发现了ROS通信相关软件包中的问题。ROS_ASSERT_MSG只有在ROS_ASSERT_ENABLED被定义时才有效。这导致在 clients/roscpp/src/libros/spinner.cpp中的 remove() 函数出现问题。当ROS_ASSERT_ENABLED未定义时,迭代器循环将超出数组的范围,并对其他组件(依赖于此软件包的通信相关函数)造成拒绝服务。注意:解决这个问题的报告者认为这是一个虚假的警报。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
ROS communications-related packages 缓冲区错误漏洞
漏洞描述信息
ROS communications-related packages是一款与ROS(机器人操作系统)通信相关的软件包。 ROS communications-related packages 1.14.3及之前版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。
CVSS信息
N/A
漏洞类别
缓冲区错误