← Retour aux CVEs
CVE-2023-47625
LOW2.9
Description
PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Details CVE
Score CVSS v3.12.9
SeveriteLOW
Vecteur CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vecteur d'attaqueLOCAL
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie11/13/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
dronecode:px4_drone_autopilot
Faiblesses (CWE)
CWE-120
References
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa(security-advisories@github.com)
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82(security-advisories@github.com)
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.