{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:11:42.277","vulnerabilities":[{"cve":{"id":"CVE-2023-46256","sourceIdentifier":"security-advisories@github.com","published":"2023-10-31T16:15:10.080","lastModified":"2024-11-21T08:28:11.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available."},{"lang":"es","value":"PX4-Autopilot proporciona una solución de control de vuelo PX4 para drones. En las versiones 1.14.0-rc1 y anteriores, PX4-Autopilot tiene una vulnerabilidad de desbordamiento del búfer de montón en la función del analizador debido a la ausencia de verificación del valor `parserbuf_index`. Un mal funcionamiento del dispositivo sensor puede provocar un desbordamiento del búfer de almacenamiento dinámico, lo que provocará un comportamiento inesperado del dron. Las aplicaciones maliciosas pueden aprovechar la vulnerabilidad incluso si no se produce un mal funcionamiento del sensor del dispositivo. Hasta el valor máximo de un `unsigned int`, se pueden escribir datos de tamaño de bytes en el área de memoria del montón. Al momento de la publicación, no hay ninguna versión fija disponible."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13.3","matchCriteriaId":"78D98550-9561-4A71-9D2F-1BCE023C983D"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:beta1:*:*:*:*:*:*","matchCriteriaId":"1F0BC4DF-E761-446E-917E-D9313606B783"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:beta2:*:*:*:*:*:*","matchCriteriaId":"FAD25F65-00AF-418E-9B14-87893CA453F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:rc1:*:*:*:*:*:*","matchCriteriaId":"37546352-3A66-483D-93CB-90F474E683B7"}]}]}],"references":[{"url":"https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}