CVE-2023-46256

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-46256

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46256.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46256

Aliases

GHSA-5hvv-q2r5-rppw

Published

2023-10-31T15:29:05.943Z

Modified

2026-04-10T05:03:40.590171Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L CVSS Calculator

Summary

PX4-Autopilot Heap Buffer Overflow Bug

Details

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbuf_index value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an unsigned int, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-120",
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46256.json"
}

References

Affected packages

Git / github.com/px4/px4-autopilot

Affected ranges

Type

GIT

Repo

https://github.com/px4/px4-autopilot

Events

Introduced

Last affected

5359fe59e507896dace176d7fd8f9b0d00c2e3b6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.0-rc1"
        }
    ]
}

Affected versions

v1.*

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.0.0beta2

v1.0.0rc10

v1.0.0rc12

v1.0.0rc7

v1.0.0rc8

v1.0.0rc9

v1.1.0beta1

v1.1.0beta3

v1.1.1

v1.1.2

v1.1.3

v1.10.0-beta1

v1.10.0-beta2

v1.10.0-beta3

v1.10.0-beta4

v1.11.0-beta1

v1.11.0-beta2

v1.11.0-rc1

v1.11.0-rc2

v1.11.0-rc3

v1.12.0

v1.12.0-beta2

v1.12.0-beta3

v1.12.0-beta4

v1.12.0-beta5

v1.12.0-beta6

v1.12.0-rc1

v1.13.0-alpha1

v1.13.0-beta1

v1.14.0-beta1

v1.14.0-beta2

v1.14.0-rc1

v1.3.0rc1

v1.3.0rc2

v1.3.0rc3

v1.3.2

v1.4.0rc1

v1.4.0rc2

v1.4.0rc3

v1.4.0rc4

v1.4.1

v1.4.1rc1

v1.4.1rc2

v1.4.1rc3

v1.4.1rc4

v1.4.2

v1.4.3

v1.4.4rc1

v1.5.0

v1.5.1

v1.5.1rc2

v1.5.1rc3

v1.5.1rc4

v1.5.2

v1.6.0-rc2

v1.6.0-rc3

v1.6.0-rc4

v1.6.0rc1

v1.6.2

v1.6.4

v1.6.5

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.7.0-rc2

v1.7.0-rc3

v1.7.0-rc4

v1.7.1

v1.7.2

v1.7.3

v1.7.3beta

v1.7.4beta

v1.8.0

v1.8.0-beta1

v1.8.0-beta2

v1.8.0-rc0

v1.9.0

v1.9.0-alpha

v1.9.0-beta1

v1.9.0-beta2

v1.9.0-beta3

v1.9.0-rc0

v1.9.0-rc1

v1.9.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46256.json"