← Back to CVEs
CVE-2023-47625
LOW2.9
Description
PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE Details
CVSS v3.1 Score2.9
SeverityLOW
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published11/13/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
dronecode:px4_drone_autopilot
Weaknesses (CWE)
CWE-120
References
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa(security-advisories@github.com)
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82(security-advisories@github.com)
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.