Description
Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components.
Published: 2026-05-13
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ArduPilot Copter contains a stack‑based buffer overflow in the AP_MSP::loop component of AP_MSP.cpp. An attacker who can execute code locally on a copter device may overflow a buffer during an MSP loop, leading to a crash of the Copter’s software and thereby denying service. The weakness is a classic buffer overflow (CWE-119).

Affected Systems

The vulnerability is present in ArduPilot Copter software, specifically in AP_MSP::loop in AP_MSP.cpp (the AP_MSP component). No particular product version is cited; the description identifies commit 92693e023793133e49a035daf37c14433e484778, the latest commit at the time of the report, as affected, so builds from that revision should be treated as impacted.

Risk and Exploitability

The attack vector is local; an adversary must already have access to the copter’s operating environment to trigger the overflow. The CVSS score is 5.5, and EPSS data is unavailable, giving a moderate indication of exploit likelihood. The vulnerability is not listed in the CISA KEV catalog, indicating no known exploitation in the wild. Nevertheless, a local attacker can cause a denial of service by crashing the Copter’s software, potentially interrupting flight operations.

Generated by OpenCVE AI on May 13, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

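  • The description names commit 92693e023793133e49a035daf37c14433e484778 as the affected revision and no fixed commit is cited, so monitor the ArduPilot repository and update the Copter code base once a fix for the AP_MSP::loop overflow is published.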
  • If an immediate code update is not possible, restrict local access to the copter’s control system to trusted users only, thereby reducing the opportunity for a local attacker to exploit the vulnerability.
  • Recompile the Copter firmware with stack‑protection and address‑sanitizer flags enabled to mitigate similar buffer overflow risks in the future.

Advisories

No advisories yet.

History

Sun, 17 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Ardupilot
Ardupilot ardupilot
Vendors & Products Ardupilot
Ardupilot ardupilot

Wed, 13 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Local Buffer Overflow in ArduPilot Copter Causes Denial of Service

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Local Buffer Overflow in Ardupiot Copter Causing Denial of Service
Weaknesses CWE-121

Wed, 13 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Local Buffer Overflow in Ardupiot Copter Causing Denial of Service
Weaknesses CWE-121

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-13T17:23:36.249Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51394

Vulnrichment

Updated: 2026-05-13T17:23:20.866Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:34.553

Modified: 2026-05-13T18:16:11.147

Link: CVE-2024-51394

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T19:42:19Z
