CVE-2024-24254

Опубликовано: 06 фев. 2024

Источник: nvd

CVSS3: 4.2

EPSS Низкий

Описание

PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.

Ссылки

https://github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md
Exploit
Third Party Advisory
https://github.com/PX4/PX4-Autopilot
Product
https://github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md
Exploit
Third Party Advisory
https://github.com/PX4/PX4-Autopilot
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*

Версия до 1.14.0 (включая)

EPSS

Процентиль: 11%

0.00037

Низкий

4.2 Medium

CVSS3

Дефекты

CWE-362

Связанные уязвимости

GHSA-f5rg-254c-x94v