{"id":"CVE-2022-48198","details":"The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.","modified":"2026-04-12T05:04:11.190582Z","published":"2023-01-01T07:15:10.187Z","references":[{"type":"ADVISORY","url":"https://github.com/vooon/ntpd_driver/compare/1.2.0...1.3.0"},{"type":"ADVISORY","url":"https://github.com/vooon/ntpd_driver/compare/2.1.0...2.2.0"},{"type":"FIX","url":"https://github.com/vooon/ntpd_driver/issues/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vooon/ntpd_driver","events":[{"introduced":"0"},{"fixed":"d5cd82ed0d23d56feae09581d84cbbb6334e930b"},{"introduced":"67138da0d32d34c2ec73dd04d9b1537e7613eb8d"},{"fixed":"b144d30b8b5f9378eea4e1ba9f5ecd0c859bb8ef"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:ntpd_driver_project:ntpd_driver:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.3.0"},{"introduced":"2.0.0"},{"fixed":"2.2.0"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.2.0","2.0.0","2.0.1","2.0.2","2.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48198.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}