Title: ROS Melodic Morenia
Description: Se ha descubierto una vulnerabilidad de inyección de comandos del sistema operativo en ROS (Robot Operating System) Melodic Morenia en ROS_VERSION 1 y ROS_PYTHON_VERSION 3. Esta vulnerabilidad afecta principalmente a los componentes de procesamiento de comandos o llamadas al sistema en ROS, haciéndolos susceptibles a la manipulación por parte de entidades maliciosas. A través de esto, se pueden ejecutar comandos no autorizados, lo que lleva a la ejecución remota de código (RCE), el robo de datos y actividades maliciosas. Los componentes afectados incluyen módulos de ejecución de comandos externos, controladores de llamadas del sistema y scripts de interfaz.

MITRE disputed

An OS command injection vulnerability has been discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability primarily affects the command processing or system call components in ROS, making them susceptible to manipulation by malicious entities. Through this, unauthorized commands can be executed, leading to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/2

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/3

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/4

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/5

MITRE https://github.com/yashpatelphd/CVE-2024-30665