Home > Vulnerability Database > CVE-2023-46256

Mend.io Vulnerability Database

CVE-2023-46256

Date: October 31, 2023

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of "parserbuf_index" value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an "unsigned int", bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

Language: C++

Severity Score

4.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46256

Url: https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw

Url: https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87

Url: https://www.mend.io/vulnerability-database/CVE-2023-46256

Severity Score

4.4

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46256

Date: October 31, 2023

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?