CVE-2023-33566

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33566
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/04/23/2
http://www.openwall.com/lists/oss-security/2024/04/23/3
http://www.openwall.com/lists/oss-security/2024/04/23/4
http://www.openwall.com/lists/oss-security/2024/04/23/5
https://github.com/16yashpatel/CVE-2023-33566 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*
History

01 May 2024, 19:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/23/5 -

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/23/3 -

01 May 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/23/2 -
  • () http://www.openwall.com/lists/oss-security/2024/04/23/4 -

17 Apr 2024, 02:15

Type Values Removed Values Added
Summary (en) An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. (en) An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.

06 Jul 2023, 17:26

Type Values Removed Values Added
CPE cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-74
First Time Openrobotics
Openrobotics robot Operating System
References (MISC) https://github.com/16yashpatel/CVE-2023-33566 - (MISC) https://github.com/16yashpatel/CVE-2023-33566 - Third Party Advisory

27 Jun 2023, 18:34

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-27 18:15

Updated : 2024-05-01 19:15

NVD link : CVE-2023-33566

Mitre link : CVE-2023-33566

CVE.ORG link : CVE-2023-33566

JSON object : View

Products Affected

openrobotics

  • robot_operating_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')