For my master's thesis I performed a security analysis of the MAVLink protocol, focusing on implementation flaws and vulnerabilities. I used the technique of fuzzing. The setup uses a very basic fuzzer, capable of generating valid MAVLink messages, and a virtual drone provided by SITL, receiving the messages sent over TCP.
At the moment, the generated MAVLink messages had a random portion in the payload field. The data for this field consisted of randomly generated hexadecimal values.
In the end, this resulted in crashing the virtual drone. This was due to Floating Point Exceptions. In the research I encountered 25 FPEs, at 15 different code locations. I know FPEs are not allowed during a real operational flight, but they might be an indication of an underlying problem.
If you want, I can share my findings; maybe they are interesting for MAVLink 2.0.
Here is an example of an encountered FPE and the backtrace in GDB:
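The GDB backtrace referred to above is not reproduced on this page. What follows is an added example, not code from the post or from the MAVLink project: a minimal MAVLink v1 frame encoder and validating decoder in Python, showing that a frame whose payload is arbitrary random bytes (as in the fuzzer described above) still passes the length and CRC checks, so range and divide-by-zero checks on decoded fields have to live in the message handler itself. It assumes the HEARTBEAT crc_extra value 50 from the MAVLink common dialect; the helper names are mine.

```python
import os
import struct

MAVLINK1_STX = 0xFE   # MAVLink v1 start-of-frame marker
HEADER_LEN = 6        # STX, LEN, SEQ, SYSID, COMPID, MSGID
MAX_PAYLOAD = 255

# crc_extra seeds come from the message definitions; only HEARTBEAT (id 0) is listed here.
CRC_EXTRA = {0: 50}


def x25crc(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/X.25 (MCRF4XX) as used by MAVLink, seeded with 0xFFFF."""
    for b in data:
        tmp = (b ^ (crc & 0xFF)) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc


def mav1_checksum(body: bytes, msgid: int) -> int:
    # The CRC covers LEN..payload (everything after STX), then crc_extra is folded in.
    return x25crc(body + bytes([CRC_EXTRA[msgid]]))


def build_frame(msgid: int, payload: bytes, seq: int = 0, sysid: int = 1, compid: int = 1) -> bytes:
    """Encode a well-formed MAVLink v1 frame around an arbitrary payload."""
    if len(payload) > MAX_PAYLOAD or msgid not in CRC_EXTRA:
        raise ValueError("unsupported payload length or message id")
    body = bytes([len(payload), seq & 0xFF, sysid, compid, msgid]) + payload
    return bytes([MAVLINK1_STX]) + body + struct.pack("<H", mav1_checksum(body, msgid))


def parse_frame(frame: bytes):
    """Return (msgid, payload) if framing and CRC are valid, else None."""
    if len(frame) < HEADER_LEN + 2 or frame[0] != MAVLINK1_STX:
        return None
    length, msgid = frame[1], frame[5]
    if len(frame) != HEADER_LEN + length + 2 or msgid not in CRC_EXTRA:
        return None
    body = frame[1:HEADER_LEN + length]
    (crc,) = struct.unpack_from("<H", frame, HEADER_LEN + length)
    if crc != mav1_checksum(body, msgid):
        return None
    return msgid, frame[HEADER_LEN:HEADER_LEN + length]


def random_payload_passes_framing(n: int = 9) -> bool:
    """Constructed random payload (like the thesis fuzzer): framing checks accept it."""
    payload = os.urandom(n)
    return parse_frame(build_frame(0, payload)) == (0, payload)
```

Because the decoder only proves the bytes arrived intact, every numeric field that later feeds a division or array index must still be validated by the handler that consumes it.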