Unrated severityNVD Advisory· Published Oct 31, 2023· Updated Sep 5, 2024

PX4-Autopilot Heap Buffer Overflow Bug

CVE-2023-46256

Description

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbuf_index value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an unsigned int, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Affected products

Px4/Px4 Autopilotv5
Range: <= 1.14.0-rc1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cppmitrex_refsource_MISC
github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppwmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000