CVE-2026-32705 PUBLISHED

PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

Assigner: GitHub_M
Reserved: 13.03.2026 Published: 13.03.2026 Updated: 13.03.2026

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.8

Attack Vector	Physical	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	PX4
Product	PX4-Autopilot
Versions	Version < 1.17.0-rc2 is affected

References

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-79mp-34pp-2f3f

Problem Types

CWE-121: Stack-based Buffer Overflow CWE