UBUNTU-CVE-2024-39780

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-39780

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-39780.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-39780

Related

CVE-2024-39780

Published

2025-04-03T00:00:00Z

Modified

2025-04-03T16:50:07Z

Summary

[none]

Details

A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. This issue has now been fixed for ROS Noetic via commit 3d93ac13603438323d7e9fa74e879e45c5fe2e8e.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ros-dynamic-reconfigure

Package

Name: ros-dynamic-reconfigure
Purl: pkg:deb/ubuntu/ros-dynamic-reconfigure@1.5.39-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.39-1

1.5.39-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ros-dynamic-reconfigure

Package

Name: ros-dynamic-reconfigure
Purl: pkg:deb/ubuntu/ros-dynamic-reconfigure@1.5.49-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.46-1

1.5.46-1build1

1.5.49-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ros-dynamic-reconfigure

Package

Name: ros-dynamic-reconfigure
Purl: pkg:deb/ubuntu/ros-dynamic-reconfigure@1.6.0-3ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0-1build1

1.6.0-3

1.6.0-3ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ros-dynamic-reconfigure

Package

Name: ros-dynamic-reconfigure
Purl: pkg:deb/ubuntu/ros-dynamic-reconfigure@1.7.2-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.1-3

1.7.1-11

1.7.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}