PT-2023-30521 · Px4 · Px4

Pwn9Uin · Published 2023-11-13 · Updated 2023-11-20 · CVE-2023-47625

CVSS v3.1: 2.9 (Low)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

PX4 autopilot versions prior to 1.14.0

Description

A global buffer overflow vulnerability exists in the CrsfParser TryParseCrsfPacket function due to an invalid size check. This allows a malicious user to create an RC packet remotely, which can trigger the buffer overflow and cause the drone to behave unexpectedly.

Recommendations

For versions prior to 1.14.0, upgrade to version 1.14.0 to resolve the issue. As a temporary workaround, consider restricting access to the CrsfParser TryParseCrsfPacket function until the upgrade is applied.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2023-47625
GHSA-QPW7-65WW-WJ82

Affected Products

Px4