CVE-2024-40427

Severity: High · Public PoC

Published: 07 January 2025
Modified: 20 June 2025
KEV Added: (no date given)
Patch: available (see Security Summary)
CVSS Score: 7.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H)
EPSS Score: 0.0023 (45.3rd percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Stack buffer overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands that trigger this vulnerability and cause the program to refuse to execute.

Security Summary

CVE-2024-40427 is a stack buffer overflow vulnerability (CWE-120) in PX4-Autopilot version 1.14.3. Published on 2025-01-07, it carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts without confidentiality loss.

The vulnerability can be exploited by local attackers with low privileges (AV:L, PR:L) and requires user interaction (UI:R). Successful exploitation enables command execution that manipulates program behavior and causes the software to refuse to execute, producing high integrity and availability impact within a changed scope (S:C); confidentiality is not affected.

A fix is available in GitHub commit e03e0261a1a0c82f545e66a1e3795956c886db71 in the PX4-Autopilot repository. Further details on the issue and its remediation are in the associated GitHub security advisory GHSA-55wq-2hgm-75m4.

Details

CWE(s): CWE-120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow")

Affected Products

Vendor: dronecode
Product: px4 drone autopilot
Versions: ≤ 1.14.3
