Global infos:

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.

CVE Status: Modified

References:

[email protected]

af854a3a-2127-422b-91ae-364da2661108

Metrics:

Attribute	Value
Attack Complexity	LOW
Attack Vector	NETWORK
Availability Impact	HIGH
Base Score	8.6
Base Severity	HIGH
Confidentiality Impact	NONE
Integrity Impact	NONE
Privileges Required	NONE
Scope	CHANGED
User Interaction	NONE
Vector String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability Score	3.9
Impact Score	4
Source	[email protected]
Type	Primary

Links:

Exploit-db
Github