CVE-2024-51395 - Vulnerability Details

- Local Buffer Overflow in ArduPilot Copter SmartAudio Causes Denial of Service

Description

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components.

Published: 2026-05-13

Score: 6.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack-based buffer overflow exists in the AP_SmartAudio module of ArduPilot Copter. An attacker with local access can trigger the flaw through the AP_SmartAudio::loop routine, causing memory corruption that brings the flight controller to an abnormal state and results in a service interruption. The flaw does not provide a mechanism for code execution and its impact is confined to the affected device. The weakness is a classic example of buffer overflow, where unchecked write operations corrupt adjacent memory.

Affected Systems

ArduPilot Copter, specifically the AP_SmartAudio component. Any firmware build that includes commit 92693e023793133e49a035daf37c14433e484778 or earlier is vulnerable. No specific version range is supplied, so all releases containing the affected code should be reviewed and patched once a corrected build is released.

Risk and Exploitability

The vulnerability carries a local attack vector; an attacker must be able to run code or supply input directly to the Copter. No public exploit is known, the CVSS score is 6.2, the EPSS score is < 1%, and it is not listed in CISA’s KEV catalog. Because the flaw triggers a denial of service rather than remote code execution, the overall risk level is moderate. Proper mitigation requires the deployment of the patched firmware as soon as it becomes available or restricting local access to the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Ardupilot

100%

Version	Status	Scheme	Platform
`92693e023793133e49a035daf37c14433e484778`	affected	code_commit	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Download and install the latest ArduPilot firmware revision that resolves the buffer overflow in the SmartAudio component.
If a patched firmware is not yet available, disable the SmartAudio module or remove audio functionality from the flight controller configuration to eliminate the vulnerable code path.
Restrict local access to the flight controller to trusted users only and monitor system logs for unexpected reboots that could indicate exploitation attempts.

Generated by OpenCVE AI on May 14, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/ArduPilot/ardupilot/issues/28374

History

Sun, 17 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ardupilot Ardupilot ardupilot
Vendors & Products		Ardupilot Ardupilot ardupilot

Thu, 14 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Title		Local Buffer Overflow in ArduPilot Copter SmartAudio Causes Denial of Service

Thu, 14 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
Title	Buffer Overflow in ArduPilot Copter SmartAudio Causes Local Denial of Service
Weaknesses	CWE-119 CWE-120

Thu, 14 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-121
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 13 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow in ArduPilot Copter SmartAudio Causes Local Denial of Service
Weaknesses		CWE-119 CWE-120

Wed, 13 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components.
References		https://github.com/ArduPilot/ardupilot/issues/28374

Subscriptions

Ardupilot Ardupilot

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-13T00:00:00.000Z

Updated: 2026-05-14T12:23:58.786Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51395

Vulnrichment

Updated: 2026-05-14T12:23:18.367Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:34.663

Modified: 2026-05-14T13:16:15.970

Link: CVE-2024-51395

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T19:42:14Z

Weaknesses

CWE-121

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object