aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#3274: syslog, fault_log/hardfault_log.c:198,214,226,625,657,712,758,803,809,820,823,834,838,843,877,971,976,995,998,1008,1013,1020,1046,1111,1120,1130, ... #3274

Status: Closed (rvd-bot closed 4 years ago)

rvd-bot commented 4 years ago
id: 3274
title: 'RVD#3274: syslog, fault_log/hardfault_log.c:198,214,226,625,657,712,758,803,809,820,823,834,838,843,877,971,976,995,998,1008,1013,1020,1046,1111,1120,1130,
  ...'
type: bug
description: "Truncate all input strings to a reasonable length \nbefore passing them\
  \ to this function @ /opt/px4_ws/Firmware/src/systemcmds/hardfault_log/hardfault_log.c198,214,226,625,657,712,758,803,809,820,823,834,838,843,877,971,976,995,998,1008,1013,1020,1046,1111,1120,1130,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/mtd/24xxxx_mtd.c266,271,275, \n/opt/px4_ws/Firmware/src/drivers/kinetis/tone_alarm/tone_alarm.cpp741,\
  \ \n/opt/px4_ws/Firmware/src/drivers/stm32/tone_alarm/tone_alarm.cpp819, \n/opt/px4_ws/Firmware/src/drivers/samv7/tone_alarm/tone_alarm.cpp737,\
  \ \n/opt/px4_ws/Firmware/src/drivers/px4io/px4io_serial.cpp326,353,372,612, \n/opt/px4_ws/Firmware/src/drivers/boards/nxphlite-v3/nxphlite_sdhc.c194,198,\
  \ \n/opt/px4_ws/Firmware/src/modules/uavcannode/uavcannode_main.cpp334,376,381,457,463,\
  \ \n/opt/px4_ws/Firmware/src/modules/uavcannode/resources.cpp105,116,119,181,183,186,\
  \ \n/opt/px4_ws/Firmware/src/modules/uavcannode/sim_controller.cpp66,84, \n/opt/px4_ws/Firmware/src/modules/uavcannode/indication_controller.cpp72,\
  \ \n/opt/px4_ws/Firmware/src/modules/px4iofirmware/px4io.c294,337,357, \n/opt/px4_ws/Firmware/src/modules/uavcanesc/uavcanesc_main.cpp307,349,\
  \ \n/opt/px4_ws/Firmware/src/modules/systemlib/err.c83,92,95, \n"
cwe: None
cve: None
keywords:
- rats
- static analysis
- testing
- triage
- bug
- 'version: v1.7.0'
- 'robot component: PX4'
- components software
system: ''
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/3274
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-29 (21:13)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-29 (21:13)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/3274
  reproducibility: always
  trace: ''
  reproduction: See artifacts below (if available)
  reproduction-image: gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_px4/-/jobs/616402716/artifacts/download
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''