aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#2583: syslog, canesc/uavcanesc_main.cpp:293,335, ... #2583

Closed rvd-bot closed 3 years ago

rvd-bot commented 4 years ago
id: 2583
title: 'RVD#2583: syslog, canesc/uavcanesc_main.cpp:293,335, ...'
type: bug
description: "Truncate all input strings to a reasonable length \nbefore passing them\
  \ to this function @ /opt/px4_ws/Firmware/src/drivers/uavcanesc/uavcanesc_main.cpp293,335,\
  \ \n/opt/px4_ws/Firmware/src/drivers/boards/common/board_crashdump.c68,105,156,\
  \ \n/opt/px4_ws/Firmware/src/drivers/uavcannode/uavcannode_main.cpp320,362,367,443,449,\
  \ \n/opt/px4_ws/Firmware/src/drivers/uavcannode/sim_controller.cpp65,83, \n/opt/px4_ws/Firmware/src/drivers/uavcannode/indication_controller.cpp71,\
  \ \n/opt/px4_ws/Firmware/src/drivers/uavcannode/resources.cpp105,116,119,181,183,186,\
  \ \n/opt/px4_ws/Firmware/src/modules/px4iofirmware/px4io.c295,338,358, \n/opt/px4_ws/Firmware/src/systemcmds/hardfault_log/hardfault_log.c198,214,226,625,657,712,758,803,809,820,823,834,838,843,877,971,976,995,998,1008,1013,1020,1046,1111,1120,1130,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/mtd/24xxxx_mtd.c267,272,276, \n/opt/px4_ws/Firmware/boards/holybro/kakutef7/src/init.c198,233,243,261,\
  \ \n/opt/px4_ws/Firmware/boards/bitcraze/crazyflie/src/spi.c71,79,148, \n/opt/px4_ws/Firmware/boards/auav/x21/src/spi.c178,\
  \ \n/opt/px4_ws/Firmware/boards/auav/x21/src/init.c146,243,276,295,316,326, \n/opt/px4_ws/Firmware/boards/px4/fmu-v4/src/spi.c286,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v4/src/init.c121,277,317,336,356,362,383,393,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v5/src/init.c113,224,228,234, \n/opt/px4_ws/Firmware/boards/px4/fmu-v5/src/sdio.c144,155,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v5/src/manifest.c130, \n/opt/px4_ws/Firmware/boards/px4/fmu-v5/src/spi.cpp294,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v5x/src/init.c116,233,237,244, \n/opt/px4_ws/Firmware/boards/px4/fmu-v5x/src/sdio.c144,155,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v5x/src/manifest.c127, \n/opt/px4_ws/Firmware/boards/px4/fmu-v5x/src/spi.cpp378,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v2/src/spi.c423, \n/opt/px4_ws/Firmware/boards/px4/fmu-v2/src/init.c116,401,416,421,432,465,481,497,514,523,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v2/src/manifest.c139, \n/opt/px4_ws/Firmware/boards/px4/fmu-v4pro/src/spi.c260,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v4pro/src/init.c123,291,326,347,366,382,400,410,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v3/src/spi.c423, \n/opt/px4_ws/Firmware/boards/px4/fmu-v3/src/init.c116,401,416,421,432,465,481,497,514,523,\
  \ \n/opt/px4_ws/Firmware/boards/px4/fmu-v3/src/manifest.c139, \n/opt/px4_ws/Firmware/boards/omnibus/f4sd/src/init.c246,281,298,308,319,346,\
  \ \n/opt/px4_ws/Firmware/boards/modalai/fc-v1/src/init.c158,286,290,298, \n/opt/px4_ws/Firmware/boards/modalai/fc-v1/src/sdio.c144,155,\
  \ \n/opt/px4_ws/Firmware/boards/modalai/fc-v1/src/manifest.c132, \n/opt/px4_ws/Firmware/boards/modalai/fc-v1/src/spi.cpp410,\
  \ \n/opt/px4_ws/Firmware/boards/mro/ctrl-zero-f7/src/init.c110,207, \n/opt/px4_ws/Firmware/boards/mro/ctrl-zero-f7/src/sdio.c138,149,\
  \ \n/opt/px4_ws/Firmware/boards/mro/ctrl-zero-f7/src/spi.cpp225, \n/opt/px4_ws/Firmware/boards/uvify/core/src/spi.c286,\
  \ \n/opt/px4_ws/Firmware/boards/uvify/core/src/init.c121,277,317,336,356,362,383,393,\
  \ \n/opt/px4_ws/Firmware/boards/nxp/fmuk66-v3/src/spi.c195,215,235, \n/opt/px4_ws/Firmware/boards/nxp/fmuk66-v3/src/init.c155,232,\
  \ \n/opt/px4_ws/Firmware/boards/nxp/fmuk66-v3/src/sdhc.c210,214, \n/opt/px4_ws/Firmware/boards/av/x-v1/src/init.c160,187,213,238,\
  \ \n/opt/px4_ws/Firmware/boards/av/x-v1/src/sdio.c140,151, \n/opt/px4_ws/Firmware/boards/av/x-v1/src/spi.cpp280,\
  \ \n/opt/px4_ws/Firmware/boards/intel/aerofc-v1/src/init.c210, \n/opt/px4_ws/Firmware/boards/airmind/mindpx-v2/src/spi.c210,\
  \ \n/opt/px4_ws/Firmware/boards/airmind/mindpx-v2/src/init.c223,256,276,306,315,\
  \ \n/opt/px4_ws/Firmware/platforms/nuttx/src/px4/stm/stm32f7/px4io_serial/px4io_serial.cpp186,213,232,357,\
  \ \n/opt/px4_ws/Firmware/platforms/nuttx/src/px4/stm/stm32f4/px4io_serial/px4io_serial.cpp175,202,221,339,\
  \ \n"
cwe: None
cve: None
keywords:
- rats
- static analysis
- testing
- triage
- bug
- 'version: v1.10.2'
- 'robot component: PX4'
- components software
system: ''
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/2583
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-29 (11:42)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-29 (11:42)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/2583
  reproducibility: always
  trace: ''
  reproduction: See artifacts below (if available)
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''

rvd-bot commented 3 years ago

Ticket is still missing triage. Closing for inactivity.