CVE-2023-46256

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-120
View all →

Vulnerability Description

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Related Vulnerabilities

CVE-2006-6024

CRITICAL
CVSS:9.8(Critical)

Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudo...

CWE-1202006

CVE-2009-0948

CRITICAL
CVSS:9.8(Critical)

Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.

CWE-1202009

CVE-2009-5041

CRITICAL
CVSS:9.8(Critical)

overkill has buffer overflow via long player names that can corrupt data on the server machine

CWE-1202009

CVE-2010-1205

CRITICAL
CVSS:9.8(Critical)

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers ...

CWE-1202010

CVE-2010-5333

CRITICAL
CVSS:9.8(Critical)

The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execu...

CWE-1202010