CVE-2024-33844, Bugs in ANAFI Thermal/USA Firmware

The mavlink_itf_reset_mission_data function does not sanitize the MAV_MISSION_TYPE (0, 1, 2, 255), so when I send a MAVLink MISSION_COUNT payload with MAV_MISSION_TYPE=17, the ‘control’ crashes by freeing 0-filled memory addresses.

Tested on Parrot ANAFI Thermal (Firmware 1.8.2)
https://github.com/Entropy1110/Bugs/tree/main/CVE-2024-33844
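
Added example, not part of the original post and not Parrot's firmware code: a sketch of allow-listing the mission type from a MISSION_COUNT message before it selects any storage to reset. The `mission_store` layout and the function names are hypothetical; only the type values 0, 1, 2 and 255 come from the report.

```c
#include <stdint.h>
#include <stdlib.h>

/* MAV_MISSION_TYPE values listed in the report: 0, 1, 2 and 255 (ALL). */
enum { MT_MISSION = 0, MT_FENCE = 1, MT_RALLY = 2, MT_ALL = 255, MT_SLOTS = 3 };

/* Hypothetical per-type storage; an assumption, not the firmware's layout. */
struct mission_store {
    void    *items[MT_SLOTS];
    uint16_t count[MT_SLOTS];
};

static void reset_slot(struct mission_store *s, int slot)
{
    free(s->items[slot]);          /* free(NULL) is a no-op */
    s->items[slot] = NULL;
    s->count[slot] = 0;
}

/* Returns 0 on success, -1 if mission_type is rejected (nothing is touched). */
int reset_mission_data(struct mission_store *s, uint8_t mission_type)
{
    if (mission_type == MT_ALL) {
        for (int i = 0; i < MT_SLOTS; i++)
            reset_slot(s, i);
        return 0;
    }
    /* Allow-list: only 0, 1 and 2 may be used as a slot index. */
    if (mission_type != MT_MISSION && mission_type != MT_FENCE &&
        mission_type != MT_RALLY)
        return -1;                 /* e.g. 17: report an error, never index */
    reset_slot(s, mission_type);
    return 0;
}

/* Constructed check: one stored mission list (4 items), then a reset request.
 * Returns -1 if the request was rejected with the data intact, -2 if it was
 * rejected but data changed, otherwise the item count left in slot 0. */
int try_reset(uint8_t mission_type)
{
    struct mission_store s = {0};
    s.items[0] = malloc(16);
    s.count[0] = 4;
    int rc = reset_mission_data(&s, mission_type);
    int left = s.count[0];
    free(s.items[0]);
    if (rc != 0)
        return left == 4 ? -1 : -2;
    return left;
}
```
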

Do you have more info? I have an ANAFI 4K, but I do not use MAVLink. Does this still affect it? Sometimes the video cuts out on my 4K just like those pictures when not using any MAVLink. Still never found the cause to this day. Although not recently.

Hi @Entropy1110,

Thank you for reporting this to us.

This issue is only present once already connected by Wifi to the drone. The Wifi link between the drone and its controller is protected by WPA2. It also doesn’t affect drones that aren’t piloted through the MAVLink interface.

Although our drones export a MAVLink interface, support of live MAVLink commands is limited. The supported way of developing an application to interface with our drones is by using our SDK.
We will however still take a look at what you detail and potentially make the MAVLink interface evolve in a future software release.
