Buffer Copy Vulnerability Affects DJI Drone Devices, Leading to Denial-of-Service Attacks
CVE-2023-6948

3LOW

Key Information:

Vendor: Dji
Status: Mavic 3 Pro; Mavic 3; Mavic 3 Classic; Mavic 3 Enterprise
Vendor: CVE Published:; 2 April 2024

What is CVE-2023-6948?

A buffer overflow vulnerability exists in the v2_sdk_service that affects various DJI drone models. This vulnerability arises from a buffer copy operation lacking a proper check for the size of the input, specifically in the sdk_printf function within the libv2_sdk.so library. An attacker can exploit this flaw by sending a specially crafted payload through port 10000, which may lead to a crash of the service, resulting in a denial-of-service condition. The issue poses significant risks to the availability of the affected service, compromising the performance and reliability of the drone operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Matrice 300 0 < 57.00.01.00

Matrice M30 0 < 07.01.0022

Mavic 3 0 < 01.00.1200

References

https://www.nozominetworks.com/labs/vulnerability-advisor...

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2024

JSON

Dji

What is CVE-2023-6948?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.