Vulnerabilities > CVE-2023-46256 - Out-of-bounds Write vulnerability in Dronecode PX4 Drone Autopilot

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dronecode

CWE-787

critical

NVD

Published: 2023-10-31

Updated: 2023-11-08

Summary

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Vulnerable Configurations

Part	Description	Count
Application	Dronecode Dronecode PX4 Drone Autopilot 1.14.0 Dronecode PX4 Drone Autopilot - Dronecode PX4 Drone Autopilot 1.0.0 Dronecode PX4 Drone Autopilot 1.0.1 Dronecode PX4 Drone Autopilot 1.1.0 Dronecode PX4 Drone Autopilot 1.1.1 Dronecode PX4 Drone Autopilot 1.1.2 Dronecode PX4 Drone Autopilot 1.1.3 Dronecode PX4 Drone Autopilot 1.2.0 Dronecode PX4 Drone Autopilot 1.3.0 Dronecode PX4 Drone Autopilot 1.3.1 Dronecode PX4 Drone Autopilot 1.3.2 Dronecode PX4 Drone Autopilot 1.3.3 Dronecode PX4 Drone Autopilot 1.3.4 Dronecode PX4 Drone Autopilot 1.4.0 Dronecode PX4 Drone Autopilot 1.4.1 Dronecode PX4 Drone Autopilot 1.4.2 Dronecode PX4 Drone Autopilot 1.4.3 Dronecode PX4 Drone Autopilot 1.4.4 Dronecode PX4 Drone Autopilot 1.5.0 Dronecode PX4 Drone Autopilot 1.5.1 Dronecode PX4 Drone Autopilot 1.5.2 Dronecode PX4 Drone Autopilot 1.5.4 Dronecode PX4 Drone Autopilot 1.5.5 Dronecode PX4 Drone Autopilot 1.6.0 Dronecode PX4 Drone Autopilot 1.6.2 Dronecode PX4 Drone Autopilot 1.6.3 Dronecode PX4 Drone Autopilot 1.6.4 Dronecode PX4 Drone Autopilot 1.6.5 Dronecode PX4 Drone Autopilot 1.7.0 Dronecode PX4 Drone Autopilot 1.7.1 Dronecode PX4 Drone Autopilot 1.7.2 Dronecode PX4 Drone Autopilot 1.7.3 Dronecode PX4 Drone Autopilot 1.7.4 Dronecode PX4 Drone Autopilot 1.8.0 Dronecode PX4 Drone Autopilot 1.8.1 Dronecode PX4 Drone Autopilot 1.8.2 Dronecode PX4 Drone Autopilot 1.9.0 Dronecode PX4 Drone Autopilot 1.9.1 Dronecode PX4 Drone Autopilot 1.9.2 Dronecode PX4 Drone Autopilot 1.10.0 Dronecode PX4 Drone Autopilot 1.10.1 Dronecode PX4 Drone Autopilot 1.10.2 Dronecode PX4 Drone Autopilot 1.11.0 Dronecode PX4 Drone Autopilot 1.11.1 Dronecode PX4 Drone Autopilot 1.11.2 Dronecode PX4 Drone Autopilot 1.11.3 Dronecode PX4 Drone Autopilot 1.12.0 Dronecode PX4 Drone Autopilot 1.12.1 Dronecode PX4 Drone Autopilot 1.12.2 Dronecode PX4 Drone Autopilot 1.12.3 Dronecode PX4 Drone Autopilot 1.13.0 Dronecode PX4 Drone Autopilot 1.13.1 Dronecode PX4 Drone Autopilot 1.13.2 Dronecode PX4 Drone Autopilot 1.13.3	132

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References