{"id":"UBUNTU-CVE-2020-16124","details":"Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065.","modified":"2026-04-22T12:31:11.878998Z","published":"2020-10-13T15:15:00Z","upstream":["CVE-2020-16124"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-16124"},{"type":"REPORT","url":"https://github.com/ros/ros_comm/pull/2065"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-16124"}],"affected":[{"package":{"name":"ros-ros-comm","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ros-ros-comm@1.11.16-3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.11.16-2","1.11.16-3"],"ecosystem_specific":{"binaries":[{"binary_name":"cl-roscpp-msgs","binary_version":"1.11.16-3"},{"binary_name":"cl-topic-tools","binary_version":"1.11.16-3"},{"binary_name":"libmessage-filters0d","binary_version":"1.11.16-3"},{"binary_name":"librosbag-storage0d","binary_version":"1.11.16-3"},{"binary_name":"librosbag0d","binary_version":"1.11.16-3"},{"binary_name":"librosconsole0d","binary_version":"1.11.16-3"},{"binary_name":"libroscpp0d","binary_version":"1.11.16-3"},{"binary_name":"libroslz4-0d","binary_version":"1.11.16-3"},{"binary_name":"libtopic-tools0d","binary_version":"1.11.16-3"},{"binary_name":"libxmlrpcpp0d","binary_version":"1.11.16-3"},{"binary_name":"python-message-filters","binary_version":"1.11.16-3"},{"binary_name":"python-rosbag","binary_version":"1.11.16-3"},{"binary_name":"python-roscpp-msgs","binary_version":"1.11.16-3"},{"binary_name":"python-rosgraph","binary_version":"1.11.16-3"},{"binary_name":"python-roslaunch","binary_version":"1.11.16-3"},{"binary_name":"python-roslz4","binary_version":"1.11.16-3"},{"binary_name":"python-rosmaster","binary_version":"1.11.16-3"},{"binary_name":"python-rosmsg","binary_version":"1.11.16-3"},{"binary_name":"python-rosnode","binary_version":"1.11.16-3"},{"binary_name":"python-rosparam","binary_version":"1.11.16-3"},{"binary_name":"python-rospy","binary_version":"1.11.16-3"},{"binary_name":"python-rosservice","binary_version":"1.11.16-3"},{"binary_name":"python-rostest","binary_version":"1.11.16-3"},{"binary_name":"python-rostopic","binary_version":"1.11.16-3"},{"binary_name":"python-roswtf","binary_version":"1.11.16-3"},{"binary_name":"python-topic-tools","binary_version":"1.11.16-3"},{"binary_name":"rosout","binary_version":"1.11.16-3"},{"binary_name":"topic-tools","binary_version":"1.11.16-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-16124.json"}},{"package":{"name":"ros-ros-comm","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ros-ros-comm@1.13.5+ds1-3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.12.6-2","1.13.3+ds1-1","1.13.5+ds1-1","1.13.5+ds1-2","1.13.5+ds1-3"],"ecosystem_specific":{"binaries":[{"binary_name":"cl-roscpp-msgs","binary_version":"1.13.5+ds1-3"},{"binary_name":"cl-topic-tools","binary_version":"1.13.5+ds1-3"},{"binary_name":"libmessage-filters1d","binary_version":"1.13.5+ds1-3"},{"binary_name":"librosbag-storage2d","binary_version":"1.13.5+ds1-3"},{"binary_name":"librosbag3d","binary_version":"1.13.5+ds1-3"},{"binary_name":"librosconsole2d","binary_version":"1.13.5+ds1-3"},{"binary_name":"libroscpp1d","binary_version":"1.13.5+ds1-3"},{"binary_name":"libroslz4-1d","binary_version":"1.13.5+ds1-3"},{"binary_name":"libtopic-tools1d","binary_version":"1.13.5+ds1-3"},{"binary_name":"libxmlrpcpp1d","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-message-filters","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosbag","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-roscpp-msgs","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosgraph","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-roslaunch","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-roslz4","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosmaster","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosmsg","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosnode","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosparam","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rospy","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rosservice","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rostest","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-rostopic","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-roswtf","binary_version":"1.13.5+ds1-3"},{"binary_name":"python-topic-tools","binary_version":"1.13.5+ds1-3"},{"binary_name":"ros-roscpp-msgs","binary_version":"1.13.5+ds1-3"},{"binary_name":"ros-topic-tools-srvs","binary_version":"1.13.5+ds1-3"},{"binary_name":"rosout","binary_version":"1.13.5+ds1-3"},{"binary_name":"topic-tools","binary_version":"1.13.5+ds1-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-16124.json"}},{"package":{"name":"ros-ros-comm","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ros-ros-comm@1.14.3+ds1-11ubuntu5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.3+ds1-5build2","1.14.3+ds1-8","1.14.3+ds1-10","1.14.3+ds1-11","1.14.3+ds1-11ubuntu2","1.14.3+ds1-11ubuntu3","1.14.3+ds1-11ubuntu5"],"ecosystem_specific":{"binaries":[{"binary_name":"cl-roscpp-msg","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"cl-topic-tools","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"libmessage-filters1d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"librosbag-storage3d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"librosbag3d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"libroscpp2d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"libroslz4-1d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"libtopic-tools1d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"libxmlrpcpp2d","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-message-filters","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosbag","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-roscpp-msg","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosgraph","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-roslaunch","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-roslz4","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosmaster","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosmsg","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosnode","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosparam","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rospy","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rosservice","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rostest","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-rostopic","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-roswtf","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"python3-topic-tools","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"ros-roscpp-msg","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"ros-topic-tools-srvs","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"rosout","binary_version":"1.14.3+ds1-11ubuntu5"},{"binary_name":"topic-tools","binary_version":"1.14.3+ds1-11ubuntu5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-16124.json"}},{"package":{"name":"ros-ros-comm","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/ros-ros-comm@1.15.14+ds-2build2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.15.9+ds1-7","1.15.9+ds1-7build1","1.15.13+ds1-6build1","1.15.14+ds-2","1.15.14+ds-2build1","1.15.14+ds-2build2"],"ecosystem_specific":{"binaries":[{"binary_name":"cl-roscpp-msg","binary_version":"1.15.14+ds-2build2"},{"binary_name":"cl-topic-tools","binary_version":"1.15.14+ds-2build2"},{"binary_name":"libmessage-filters1d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"librosbag-storage4d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"librosbag4d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"libroscpp4d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"libroslz4-1d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"libtopic-tools2d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"libxmlrpcpp3d","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-message-filters","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosbag","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-roscpp-msg","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosgraph","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-roslaunch","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-roslz4","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosmaster","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosmsg","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosnode","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosparam","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rospy","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rosservice","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rostest","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-rostopic","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-roswtf","binary_version":"1.15.14+ds-2build2"},{"binary_name":"python3-topic-tools","binary_version":"1.15.14+ds-2build2"},{"binary_name":"ros-roscpp-msg","binary_version":"1.15.14+ds-2build2"},{"binary_name":"ros-topic-tools-srvs","binary_version":"1.15.14+ds-2build2"},{"binary_name":"rosout","binary_version":"1.15.14+ds-2build2"},{"binary_name":"topic-tools","binary_version":"1.15.14+ds-2build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-16124.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}