PX4-Autopilot Heap Buffer Overflow Bug
CVE-2023-46256

4.4MEDIUM

Key Information:

Vendor: Px4
Status: Px4-autopilot
Vendor: CVE Published:; 31 October 2023

What is CVE-2023-46256?

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbuf_index value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an unsigned int, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PX4-Autopilot <= 1.14.0-rc1

References

https://github.com/PX4/PX4-Autopilot/security/advisories/...

x_refsource_CONFIRM

https://github.com/PX4/PX4-Autopilot/blob/main/src/driver...

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 31, 2023
Vulnerability Reserved
Oct 19, 2023

JSON

Px4