CVE-2023-46256

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L
GitHub_MCNA
4.4 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
dronecodepx4_drone_autopilot
𝑥
≤ 1.13.3
dronecodepx4_drone_autopilot
1.14.0:beta1
dronecodepx4_drone_autopilot
1.14.0:beta2
dronecodepx4_drone_autopilot
1.14.0:rc1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw
https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw