RVD#2572: Web server running on Parrot ANAFI can be crashed due to the SDK

[rvd-bot]

id: 2572
title: 'RVD#2572: Web server running on Parrot ANAFI can be crashed due to the SDK '
type: vulnerability
description: Web server running on Parrot ANAFI can be crashed due to the SDK command
  "Common_CurrentDateTime" being sent to control service with larger than expected
  date length.
cwe: None
cve: CVE-2019-3945
keywords: ''
system: 'Parrot ANAFI'
vendor: "Parrot"
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: 'medium'
  cvss-score: 5.0
  cvss-vector: CVSS:3.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
links:
- https://vulners.com/cve/CVE-2019-3945
- https://github.com/aliasrobotics/RVD/issues/2572
- https://es-la.tenable.com/security/research/tra-2019-22?tns_redirect=true
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2020-04-01'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2020-04-10'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/2572
  reproducibility: ''
  trace: ''
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''