ByteOS Network

Vulnerability Details :

CVE-2023-47625

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-13 Nov, 2023 | 20:40

Updated At-03 Sep, 2024 | 17:29

Global Buffer Overflow leading to denial of service in PX4-Autopilot

PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:13 Nov, 2023 | 20:40

Updated At:03 Sep, 2024 | 17:29

▼CVE Numbering Authority (CNA)

Global Buffer Overflow leading to denial of service in PX4-Autopilot

Affected Products

Vendor

PX4

Product

PX4-Autopilot

Versions

Affected

< 1.14.0

Problem Types

Type	CWE ID	Description
CWE	CWE-120	CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Type: CWE

CWE ID: CWE-120

Description: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Metrics

Version	Base score	Base severity	Vector
3.1	2.9	LOW	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Version: 3.1

Base score: 2.9

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Hyperlink	Resource
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82	x_refsource_CONFIRM
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa	x_refsource_MISC

Hyperlink: https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82	x_refsource_CONFIRM x_transferred
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa	x_refsource_MISC x_transferred

Hyperlink: https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa

Resource:

x_refsource_MISC

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Vendor

dronecode

Product

px4_drone_autopilot

CPEs

cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.14.0 (custom)

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:13 Nov, 2023 | 21:15

Updated At:20 Nov, 2023 | 19:29

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary	3.1	2.9	LOW	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 3.1

Base score: 2.9

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CPE Matches

dronecode>>px4_drone_autopilot>>1.14.0

cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:rc2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	security-advisories@github.com

CWE ID: CWE-120

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa	security-advisories@github.com	Patch
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82	security-advisories@github.com	Exploit Vendor Advisory

Hyperlink: https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82

Source: security-advisories@github.com

Resource:

Exploit

Vendor Advisory

Similar CVEs

7Records found

CVE-2023-46256

Matching Score-6

Assigner-GitHub, Inc.

View Details

Matching Score-6

Assigner-GitHub, Inc.

CVSS Score-4.4||MEDIUM

EPSS-0.30% / 53.12%

7 Day CHG~0.00%

Published-31 Oct, 2023 | 15:29

Updated-05 Sep, 2024 | 20:15

PX4-Autopilot Heap Buffer Overflow Bug

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Vendor-dronecode PX4

Product-px4_drone_autopilot PX4-Autopilot

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-46896

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.81%

7 Day CHG~0.00%

Published-06 Jul, 2023 | 00:00

Updated-20 Nov, 2024 | 20:08

Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.

Vendor-dronecode n/a

Product-px4_drone_autopilot n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-40427

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.9||HIGH

EPSS-0.03% / 7.79%

7 Day CHG~0.00%

Published-07 Jan, 2025 | 00:00

Updated-20 Jun, 2025 | 18:04

Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute

Vendor-dronecode n/a

Product-px4_drone_autopilot n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-38951

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.18% / 39.66%

7 Day CHG~0.00%

Published-25 Jun, 2024 | 00:00

Updated-20 Jun, 2025 | 18:54

A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.

Vendor-dronecode n/a

Product-px4_drone_autopilot n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-38952

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.44% / 62.24%

7 Day CHG~0.00%

Published-25 Jun, 2024 | 00:00

Updated-20 Jun, 2025 | 18:54

PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.

Vendor-dronecode n/a dronecode

Product-px4_drone_autopilot n/a px4_drone_autopilot

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-30799

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-4.4||MEDIUM

EPSS-0.94% / 75.22%

7 Day CHG~0.00%

Published-22 Apr, 2024 | 00:00

Updated-12 Jun, 2025 | 23:57

An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function.

Vendor-dronecode n/a dronecode

Product-px4_drone_autopilot n/a px4_drone_autopilot

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-37571

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-26 Jun, 2024 | 00:00

Updated-05 Nov, 2024 | 15:35

Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter.

Vendor-n/a

Product-n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-47625

Credits

Global Buffer Overflow leading to denial of service in PX4-Autopilot

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs