CVE-2023-47625

Published: Nov 13, 2023Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (1)

Products: Dronecode: Px4 Drone Autopilot

1 product

Px4 Drone Autopilot

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dronecode Px4 Drone Autopilot	Version 1.14.0 rc2

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa

Source: security-advisories@github.com

Patch

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/PX4/PX4-Autopilot/commit/d1fcd39a44e6312582c6ab02b0d5ee2599fb55aa

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-qpw7-65ww-wj82

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.