GitHub_MCVE-2023-46256CVE-2023-46256
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.1%
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbuf_index value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an unsigned int, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dronecode | px4_drone_autopilot | * | cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:* |
| dronecode | px4_drone_autopilot | 1.14.0 | cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:beta1:*:*:*:*:*:* |
| dronecode | px4_drone_autopilot | 1.14.0 | cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:beta2:*:*:*:*:*:* |
| dronecode | px4_drone_autopilot | 1.14.0 | cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:rc1:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "PX4",
"product": "PX4-Autopilot",
"versions": [
{
"version": "<= 1.14.0-rc1",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.1%