PX4 is an open-source autopilot software widely used in drones and unmanned vehicles. Versions up to 1.17.0-rc2 contain a stack-based buffer overflow vulnerability (CWE-121) in the MavlinkLogHandler module. The vulnerability arises because the LogEntry.filepath buffer is statically allocated with 60 bytes, but the sscanf function used to parse file paths from the MAVLink log list file does not limit input length. This allows an attacker with MAVLink link access to overflow the buffer by supplying a path longer than 60 characters. The exploitation requires first creating deeply nested directories via MAVLink FTP to generate long file paths, then requesting the log list to trigger the overflow. The overflow causes the flight controller's MAVLink task to crash, resulting in loss of telemetry data and command/control capabilities, effectively causing a denial of service (DoS) condition. The vulnerability does not require privileges or user interaction, making it easier to exploit if MAVLink link access is available. The issue has been addressed in a patch committed to the PX4 repository, which adds bounds checking to prevent buffer overflow. No known exploits have been reported in the wild, but the vulnerability poses a significant risk to drone operations relying on affected PX4 versions.

The primary impact of this vulnerability is denial of service on affected PX4-based flight controllers. By crashing the MAVLink communication task, an attacker can disrupt telemetry and command functions, potentially causing drones or unmanned vehicles to lose control or become unresponsive. This can lead to mission failure, safety hazards, or loss of expensive equipment. Since PX4 is widely used in commercial, research, and hobbyist drones globally, organizations relying on these systems for critical operations such as surveying, delivery, inspection, or defense could face operational disruptions. The vulnerability does not compromise confidentiality or integrity, but the loss of availability in real-time control systems is critical. The ease of exploitation without authentication increases risk, especially in environments where MAVLink links are exposed or insufficiently protected. Although no known exploits exist yet, the vulnerability could be leveraged in targeted attacks or by malicious insiders with MAVLink access.

Organizations should immediately upgrade PX4-Autopilot to versions later than 1.17.0-rc2 that include the patch fixing this buffer overflow. If upgrading is not immediately possible, restrict MAVLink link access to trusted and authenticated users only, ideally isolating MAVLink communication channels from untrusted networks. Implement network segmentation and firewall rules to prevent unauthorized MAVLink FTP and log requests. Monitor MAVLink traffic for unusual directory creation or log list requests that could indicate exploitation attempts. Consider applying runtime protections such as stack canaries or address space layout randomization (ASLR) if supported by the flight controller hardware and software environment. Conduct thorough testing of autopilot firmware updates in controlled environments before deployment to ensure stability and security. Finally, maintain awareness of PX4 security advisories and community updates for any emerging threats or patches.