{"id":"UBUNTU-CVE-2019-13445","details":"An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.","modified":"2026-04-22T13:32:20.218923Z","published":"2019-12-30T18:15:00Z","upstream":["CVE-2019-13445"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13445"},{"type":"REPORT","url":"https://github.com/ros/ros_comm/issues/1738"},{"type":"REPORT","url":"https://github.com/ros/ros_comm/pull/1741"},{"type":"REPORT","url":"https://github.com/ros/ros_comm/blob/melodic-devel/tools/rosbag/src/record.cpp#L129"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-13445"}],"affected":[{"package":{"name":"ros-ros-comm","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ros-ros-comm@1.11.16-3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.11.16-2","1.11.16-3"],"ecosystem_specific":{"binaries":[{"binary_version":"1.11.16-3","binary_name":"cl-roscpp-msgs"},{"binary_version":"1.11.16-3","binary_name":"cl-topic-tools"},{"binary_version":"1.11.16-3","binary_name":"libmessage-filters0d"},{"binary_version":"1.11.16-3","binary_name":"librosbag-storage0d"},{"binary_version":"1.11.16-3","binary_name":"librosbag0d"},{"binary_version":"1.11.16-3","binary_name":"librosconsole0d"},{"binary_version":"1.11.16-3","binary_name":"libroscpp0d"},{"binary_version":"1.11.16-3","binary_name":"libroslz4-0d"},{"binary_version":"1.11.16-3","binary_name":"libtopic-tools0d"},{"binary_version":"1.11.16-3","binary_name":"libxmlrpcpp0d"},{"binary_version":"1.11.16-3","binary_name":"python-message-filters"},{"binary_version":"1.11.16-3","binary_name":"python-rosbag"},{"binary_version":"1.11.16-3","binary_name":"python-roscpp-msgs"},{"binary_version":"1.11.16-3","binary_name":"python-rosgraph"},{"binary_version":"1.11.16-3","binary_name":"python-roslaunch"},{"binary_version":"1.11.16-3","binary_name":"python-roslz4"},{"binary_version":"1.11.16-3","binary_name":"python-rosmaster"},{"binary_version":"1.11.16-3","binary_name":"python-rosmsg"},{"binary_version":"1.11.16-3","binary_name":"python-rosnode"},{"binary_version":"1.11.16-3","binary_name":"python-rosparam"},{"binary_version":"1.11.16-3","binary_name":"python-rospy"},{"binary_version":"1.11.16-3","binary_name":"python-rosservice"},{"binary_version":"1.11.16-3","binary_name":"python-rostest"},{"binary_version":"1.11.16-3","binary_name":"python-rostopic"},{"binary_version":"1.11.16-3","binary_name":"python-roswtf"},{"binary_version":"1.11.16-3","binary_name":"python-topic-tools"},{"binary_version":"1.11.16-3","binary_name":"rosout"},{"binary_version":"1.11.16-3","binary_name":"topic-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-13445.json"}},{"package":{"name":"ros-ros-comm","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ros-ros-comm@1.13.5+ds1-3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.12.6-2","1.13.3+ds1-1","1.13.5+ds1-1","1.13.5+ds1-2","1.13.5+ds1-3"],"ecosystem_specific":{"binaries":[{"binary_version":"1.13.5+ds1-3","binary_name":"cl-roscpp-msgs"},{"binary_version":"1.13.5+ds1-3","binary_name":"cl-topic-tools"},{"binary_version":"1.13.5+ds1-3","binary_name":"libmessage-filters1d"},{"binary_version":"1.13.5+ds1-3","binary_name":"librosbag-storage2d"},{"binary_version":"1.13.5+ds1-3","binary_name":"librosbag3d"},{"binary_version":"1.13.5+ds1-3","binary_name":"librosconsole2d"},{"binary_version":"1.13.5+ds1-3","binary_name":"libroscpp1d"},{"binary_version":"1.13.5+ds1-3","binary_name":"libroslz4-1d"},{"binary_version":"1.13.5+ds1-3","binary_name":"libtopic-tools1d"},{"binary_version":"1.13.5+ds1-3","binary_name":"libxmlrpcpp1d"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-message-filters"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosbag"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-roscpp-msgs"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosgraph"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-roslaunch"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-roslz4"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosmaster"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosmsg"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosnode"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosparam"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rospy"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rosservice"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rostest"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-rostopic"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-roswtf"},{"binary_version":"1.13.5+ds1-3","binary_name":"python-topic-tools"},{"binary_version":"1.13.5+ds1-3","binary_name":"ros-roscpp-msgs"},{"binary_version":"1.13.5+ds1-3","binary_name":"ros-topic-tools-srvs"},{"binary_version":"1.13.5+ds1-3","binary_name":"rosout"},{"binary_version":"1.13.5+ds1-3","binary_name":"topic-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-13445.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}