CVE-2024-40427

Published: Jan 7, 2025Modified: Jun 17, 2026

7.9

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Exploitability: 1.5 / Impact: 5.8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute

Affected (1)

Products: Dronecode: Px4 Drone Autopilot

Dronecode

1 product

Px4 Drone Autopilot

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dronecode Px4 Drone Autopilot	Before 1.14.3

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

https://github.com/PX4/PX4-Autopilot/commit/e03e0261a1a0c82f545e66a1e3795956c886db71

Source: cve@mitre.org

Patch

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-55wq-2hgm-75m4

Source: cve@mitre.org

ExploitVendor Advisory

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-55wq-2hgm-75m4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.