Unknown · PX4-Autopilot · CVE-2023-46256
**Name of the Vulnerable Software and Affected Versions**
PX4-Autopilot versions 1.14.0-rc1 and prior
**Description**
A heap buffer overflow exists in the parser function of PX4-Autopilot because the `parserbuf index` value is not checked. If a sensor device malfunctions, this can cause unexpected drone behavior. Malicious applications can also exploit the vulnerability without any sensor malfunction, writing up to the maximum value of an `unsigned int` in bytes to the heap memory area.
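The class of bug described above, shown as an added example that is not PX4-Autopilot's code: a constructed newline-terminated frame parser that checks its buffer index before every write and drops an oversize frame instead of writing past the buffer. The names `frame_parser`, `parser_feed`, `PARSER_BUF_LEN` and the frame format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PARSER_BUF_LEN 16u /* constructed size for this example */
enum parse_result { PARSE_MORE, PARSE_FRAME, PARSE_OVERFLOW };

/* idx: next write position; discarding: drop bytes until the terminator */
struct frame_parser { char buf[PARSER_BUF_LEN]; unsigned idx; int discarding; };

/* Feed one byte of a newline-terminated frame. The unchecked form,
 * `p->buf[p->idx++] = c;`, writes past buf when no terminator arrives. */
static enum parse_result parser_feed(struct frame_parser *p, char c)
{
    if (c == '\n') {
        enum parse_result r = p->discarding ? PARSE_MORE : PARSE_FRAME;
        p->buf[p->idx] = '\0'; /* in bounds: idx <= PARSER_BUF_LEN - 1 */
        p->idx = 0;
        p->discarding = 0;
        return r;
    }
    if (p->discarding) return PARSE_MORE; /* still inside a rejected frame */
    if (p->idx >= PARSER_BUF_LEN - 1) {   /* index check; one slot kept for NUL */
        p->idx = 0;
        p->discarding = 1;
        return PARSE_OVERFLOW;
    }
    p->buf[p->idx++] = c;
    return PARSE_MORE;
}

struct stream_stats { unsigned frames, overflows, last_len; };
/* Run a byte stream through a fresh parser and count the outcomes. */
static struct stream_stats parse_stream(const char *data)
{
    struct frame_parser p = { {0}, 0, 0 };
    struct stream_stats s = { 0, 0, 0 };
    for (; *data; data++) {
        enum parse_result r = parser_feed(&p, *data);
        if (r == PARSE_FRAME) { s.frames++; s.last_len = (unsigned)strlen(p.buf); }
        else if (r == PARSE_OVERFLOW) s.overflows++;
    }
    return s;
}

int main(void)
{
    /* Constructed stream: valid frame, 20-byte oversize frame, valid frame. */
    struct stream_stats s = parse_stream("12.50\n" "AAAAAAAAAA" "AAAAAAAAAA" "\n7.1\n");
    printf("frames=%u overflows=%u last_len=%u\n", s.frames, s.overflows, s.last_len);
}
```

The discard state matters as much as the bounds check: resetting the index alone would let the tail of a rejected frame be parsed as if it were a valid reading.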
**Recommendations**
As a temporary workaround, consider disabling the parser function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.