Ardupiot Copter Buffer Overflow Vulnerability Allowing Denial-of-Service

A buffer overflow vulnerability has been identified in Ardupiot Copter, specifically in the latest commit. This vulnerability allows a local attacker to cause a denial-of-service by exploiting the 'AP_SmartAudio::loop' function within the 'AP_SmartAudio' component of 'AP_SmartAudio.cpp'. The issue arises from a potential stack overflow, where the 'AP_SmartAudio::loop' function can consume excessive stack space, leading to internal errors and disrupted functionality.

Impact

Exploitation of this vulnerability can cause a stack overflow, leading to a denial-of-service condition where the application fails to function properly, potentially causing internal errors related to stack overflow on affected boards.

Reproduction

The vulnerability can be reproduced by building Ardupiot Copter with specific compiler flags that calculate stack usage. After compiling the application, the stack usage can be analyzed to confirm that the 'AP_SmartAudio::loop' function exceeds the safe stack limit, creating a risk of overflow.

Remediation

The vulnerability has been addressed by reducing the stack usage of the 'mavlink' signing process, which previously consumed a significant amount of stack space. Users should ensure they are using a version of Ardupiot Copter that includes this fix.