We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-46256

PX4-Autopilot Heap Buffer Overflow Bug



Description

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Reserved 2023-10-19 | Published 2023-10-31 | Updated 2024-09-05 | Assigner GitHub_M


MEDIUM: 4.4CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L

Problem types

CWE-122: Heap-based Buffer Overflow

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

<= 1.14.0-rc1
affected

References

github.com/...opilot/security/advisories/GHSA-5hvv-q2r5-rppw

github.com/...tance_sensor/lightware_laser_serial/parser.cpp

cve.org (CVE-2023-46256)

nvd.nist.gov (CVE-2023-46256)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-46256

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.

© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.