HIGH🇵🇱 Wersja polska

CVE-2026-32708

CVSS 7.8v3.1pub. 2026-03-16upd. 2026-03-17

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dronecode Px4 Drone Autopilot

    APP
    Dronecode
    1.17.0< 1.17.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-32706HIGH7.1ten sam produkt

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an over...

CVE-2026-26741HIGH8.1ten sam produkt

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switch...

CVE-2026-26742HIGH8.1ten sam produkt

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Perio...

CVE-2024-40427HIGH7.9ten sam produkt

Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vul...

CVE-2024-38952HIGH7.5ten sam produkt

PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logg...