CVE-2020-16124 HIGH

CVE-2020-16124: Integer overflow in ROS communications library

Vendor Openrobotics
Product ros_comm ROS communications packages
Weakness CWE-190
Published October 13, 2020
Last update September 16, 2024

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

An integer overflow or wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects OpenRobotics ros_comm communications packages, Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065.

Key dates

02 Disclosure timeline

October 13, 2020 CVE published
September 16, 2024 Record updated