CVE-2023-46256

Name of the Vulnerable Software and Affected Versions PX4-Autopilot versions 1.14.0-rc1 and prior

Description The issue is related to a heap buffer overflow vulnerability in the parser function of PX4-Autopilot due to the absence of parserbuf index value checking. This can cause unexpected drone behavior if a sensor device malfunctions. Additionally, malicious applications can exploit this vulnerability even without a sensor malfunction, allowing up to the maximum value of an unsigned int bytes of data to be written to the heap memory area.

Recommendations As a temporary workaround, consider disabling the parser function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.