Title: ROS2 Galactic Geochelone
Description: Se ha descubierto una vulnerabilidad de carga de archivos arbitrarios en ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 y ROS_PYTHON_VERSION 3, que permite a los atacantes ejecutar código arbitrario, provocar una denegación de servicio (DoS) y obtener información confidencial a través de una carga útil manipulada para el Mecanismo de carga de archivos del sistema ROS2, incluida la funcionalidad del servidor para manejar la carga de archivos y los procesos de validación asociados.

An arbitrary file upload vulnerability has been discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/2

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/3

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/4

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/5

MITRE https://github.com/yashpatelphd/CVE-2024-30703

MITRE disputed