CVE-2023-33565
Denial-of-Service (DoS) Vulnerability in ROS2 Foxy Fitzroy
Denial-of-Service (DoS)
Medium (Base Score: 6.5)
The Open Source Robotics Foundation (OSRF)
ROS2 Foxy Fitzroy (ROS_VERSION=2 and ROS_PYTHON_VERSION=3)
A Denial-of-Service (DoS) vulnerability exists in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. A malicious user could potentially exploit this vulnerability remotely to crash the ROS2 nodes, thereby causing a denial of service. The flaw allows an attacker to cause unexpected behavior in the operation of ROS2 nodes, which leads to their failure and interrupts the regular operation of the system, thus making it unavailable for its intended users.
Successful exploitation of this vulnerability could allow an attacker to exhaust resources, cause a crash, or interrupt the operation of ROS2 nodes leading to a Denial-of-Service condition. Depending on the nature of the services offered by the affected system, this could have significant implications, including loss of control over robotic operations.
This vulnerability can be exploited remotely. The specifics of the attack vector are currently undisclosed.
Users are advised to update to the latest version as soon as it becomes available and monitor advisories from the ROS2 development team. In the interim, users should consider limiting network exposure for all control system devices and ensure they are not accessible from the Internet.
There is currently no known workaround for this vulnerability. The primary mitigation is to update to a patched version as soon as it is available.
Confirmed and published.
Yash Patel and Dr. Parag Rughani