{"id":"CVE-2019-13445","details":"An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.","modified":"2026-05-18T06:06:51.697767827Z","published":"2019-12-30T18:15:14.057Z","database_specific":{},"references":[{"type":"FIX","url":"https://github.com/ros/ros_comm/pull/1741"},{"type":"EVIDENCE","url":"https://github.com/ros/ros_comm/blob/melodic-devel/tools/rosbag/src/record.cpp#L129"},{"type":"EVIDENCE","url":"https://github.com/ros/ros_comm/issues/1738"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ros-gbp/ros_comm-release","events":[{"introduced":"0"},{"last_affected":"006405847f4cea78aff053c9abb1d3e8bcf93239"}],"database_specific":{"cpe":"cpe:2.3:a:ros:ros-comm:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.14.3"}],"source":"CPE_FIELD"}}],"versions":["upstream/1.14.3","upstream/1.14.2","upstream/1.14.1","upstream/1.14.0","upstream/1.13.6","upstream/1.12.13","upstream/1.12.12","upstream/1.13.5","upstream/1.12.11","upstream/1.12.10","upstream/1.12.9","upstream/1.12.8","upstream/1.13.4","upstream/1.13.3","upstream/1.13.2","upstream/1.13.1","upstream/1.11.21","upstream/1.13.0","upstream/1.12.7","upstream/1.12.6","upstream/1.12.5","upstream/1.12.4","upstream/1.11.20","upstream/1.12.2","upstream/1.11.19","upstream/1.12.0","upstream/1.11.18","upstream/1.11.17","upstream/1.11.16","upstream/1.11.15","upstream/1.11.14","upstream/1.11.13","upstream/1.11.12","upstream/1.11.11","upstream/1.10.12","upstream/1.11.10","upstream/1.10.11","upstream/1.11.9","upstream/1.11.8","upstream/1.11.7","upstream/1.11.6","upstream/1.11.5","upstream/1.10.10","upstream/1.11.4","upstream/1.10.3","upstream/1.11.3","upstream/1.11.2","upstream/1.11.1","upstream/1.11.0","upstream/1.10.2","upstream/1.10.1","upstream/1.9.55","upstream/1.10.0","upstream/1.9.54","upstream/1.9.53","upstream/1.9.52","upstream/1.9.51","upstream/1.9.50","upstream/1.9.49","upstream/1.9.48","upstream/1.9.47","upstream/1.9.46","upstream/1.9.45","upstream/1.8.16","upstream/1.9.44","upstream/1.9.43","upstream/1.9.42","None/1.8.16","upstream/1.8.15","upstream/1.9.41","ros_comm/1.9.41","upstream/1.9.40","upstream/1.9.39","upstream/1.9.38","upstream/1.9.37","upstream/1.9.36","upstream/1.9.34","upstream/1.9.33","upstream/1.9.32","upstream/1.9.31","upstream/1.9.30","upstream/1.9.29","upstream/1.9.28","upstream/1.9.27","upstream/1.9.26","upstream/1.9.25","upstream/1.9.24","upstream/1.9.23","upstream/1.9.18","upstream/1.9.17","upstream/1.9.16","upstream/1.9.15","upstream/1.9.14","upstream/1.9.13","upstream/1.9.12","upstream/1.9.11"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13445.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/ros/ros_comm","events":[{"introduced":"0"},{"last_affected":"c4a6d51c1753b515ec79dd15bffc1b8532edb902"}],"database_specific":{"cpe":"cpe:2.3:a:ros:ros-comm:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.14.3"}]}}],"versions":["1.14.3","1.14.2","1.14.1","1.14.0","1.13.6","1.13.5","1.12.7","1.13.4","1.13.3","1.13.2","1.13.1","1.13.0","1.12.6","1.12.5","1.12.4","1.12.3","pre-fix-868","1.12.2","1.12.1","1.12.0","1.11.18","1.11.17","1.11.16","1.11.15","1.11.14","1.11.13","1.11.12","1.11.11","1.11.9","reviewed-backport-hydro","1.11.10","1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0","1.10.0","1.9.54","1.9.53","1.9.52","1.9.51","1.9.50","1.9.49","1.9.48","1.9.47","1.9.46","1.9.45","1.9.44","1.9.43","1.9.42","1.9.41","1.9.40","1.9.39","1.9.38","1.9.37","1.9.36","1.9.35","1.9.34","1.9.33","1.9.32","1.9.31","1.9.30","1.9.29","1.9.28","1.9.27","1.9.26","1.9.25","1.9.24","1.9.23","1.9.22","1.9.21","1.9.18","1.9.17","1.9.16","1.9.15","1.9.14","1.9.13","1.9.12","1.9.11","1.9.10","1.9.9","1.9.8","1.9.7","1.9.6","1.9.5","1.9.4","1.9.3","1.9.2","1.9.1","1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13445.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}