PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload l…

PX4 autopilot flight control solution for drones contains a stack overflow vulnerability in versions prior to 1.17.0-rc2. The Zenoh uORB subscriber allocates a stack VLA directly from incoming payload length without bounds checking. Remote attackers can exploit this by sending oversized fragmented messages through a Zenoh publisher. This causes unbounded stack allocation and copy operations, leading to stack overflow and crash of the Zenoh bridge task. The vulnerability allows remote denial of service attacks against drone flight control systems. Fixed in version 1.17.0-rc2.