
Kmm2003

#18861 of 53,638
14.2 total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-25389
8.1
2026-03-13
Px4 · Px4-Autopilot · CVE-2026-32706
**Name of the Vulnerable Software and Affected Versions**
PX4 autopilot versions prior to 1.17.0-rc2

**Description**
PX4 autopilot is a flight control solution for drones. The `crsf_rc` parser does not properly validate the size of variable-length packets before copying data into a 64-byte global buffer, leading to a potential buffer overflow. An attacker with adjacent/raw-serial access to a CRSF serial port where `crsf_rc` is enabled can cause memory corruption and crash the system.

**Recommendations**
Update to version 1.17.0-rc2 or later.
PT-2026-25390
6.1
2026-03-13
Px4 · Px4-Autopilot · CVE-2026-32707
**Name of the Vulnerable Software and Affected Versions**
PX4 autopilot versions prior to 1.17.0-rc2

**Description**
PX4 autopilot is a flight control solution for drones. The `tattu_can` component contains an unbounded `memcpy` call within its multi-frame assembly loop. This allows stack memory to be overwritten when specifically crafted CAN frames are processed. If `tattu_can` is enabled and running, an attacker capable of CAN injection can cause a crash (Denial of Service) and memory corruption.

**Recommendations**
Versions prior to 1.17.0-rc2 should be updated to version 1.17.0-rc2 or later.