Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for gpsd by gpsd_project

    CVE-2025-67269 (GCVE-0-2025-67269)

    Vulnerability from nvd – Published: 2026-01-02 00:00 – Updated: 2026-06-30 03:20
    VLAI
    Summary
    An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T16:37:07.630167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T17:40:49.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU utilization, resulting in a Denial of Service (DoS) condition where the system becomes unresponsive."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:20:28.326Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-67269"
              },
              {
                "name": "RHBZ#2426810",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426810"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67269.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0770"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0771"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:0770: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0771: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-02T16:01:42.941Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing",
            "workarounds": [
              {
                "lang": "en",
                "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\n\n\nExposure can be reduced by restricting gpsd from listening on network sockets, limiting input sources to trusted serial devices only, and ensuring the service is not accessible from untrusted networks. Deployments that do not require NAVCOM packet support should consider disabling or filtering such input where possible to further minimize risk."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer-\u003elength = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer-\u003elength` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T15:49:05.691Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.com/gpsd/gpsd/-/commit/ffa1d6f40bca0b035fc7f5e563160ebb67199da7"
            },
            {
              "url": "https://gitlab.com/gpsd/gpsd"
            },
            {
              "url": "https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67269",
        "datePublished": "2026-01-02T00:00:00.000Z",
        "dateReserved": "2025-12-08T00:00:00.000Z",
        "dateUpdated": "2026-06-30T03:20:28.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67268 (GCVE-0-2025-67268)

    Vulnerability from nvd – Published: 2026-01-02 00:00 – Updated: 2026-06-30 12:06
    VLAI
    Summary
    gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T16:33:31.263825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T17:40:28.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in gpsd. The hnd_129540 function, responsible for handling NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count, leading to a heap-based out-of-bounds write. This memory corruption can result in a Denial of Service (DoS) and potentially allow for arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1285",
                    "description": "Improper Validation of Specified Index, Position, or Offset in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:29.766Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-67268"
              },
              {
                "name": "RHBZ#2426835",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426835"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67268.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:1621"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0770"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0771"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:1621: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0770: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0771: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-02T17:01:54.750Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling",
            "workarounds": [
              {
                "lang": "en",
                "value": "Risk can be reduced by limiting exposure of gpsd to trusted NMEA2000/CAN bus sources only, ensuring that untrusted or externally reachable interfaces cannot inject crafted Fast Packets. Systems should avoid forwarding NMEA2000 traffic from bridged, virtualized, or containerized environments unless strict validation is in place, and gpsd should be run with least-privilege permissions to minimize the impact of a crash or corrupted state."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T16:05:18.965Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4"
            },
            {
              "url": "https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c"
            },
            {
              "url": "https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67268",
        "datePublished": "2026-01-02T00:00:00.000Z",
        "dateReserved": "2025-12-08T00:00:00.000Z",
        "dateUpdated": "2026-06-30T12:06:29.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43628 (GCVE-0-2023-43628)

    Vulnerability from nvd – Published: 2023-12-05 11:35 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    GPSd GPSd Affected: 3.25.1~dev
    Create a notification for this product.
    Credits
    Discovered by Dimitrios Tatsis of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:11.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GPSd",
              "vendor": "GPSd",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.25.1~dev"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Dimitrios Tatsis of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-06T18:39:43.190Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-43628",
        "datePublished": "2023-12-05T11:35:01.035Z",
        "dateReserved": "2023-11-15T15:08:16.534Z",
        "dateUpdated": "2025-11-04T19:25:11.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-17937 (GCVE-0-2018-17937)

    Vulnerability from nvd – Published: 2019-03-13 17:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT gpsd and microjson (Open Source Project) Affected: gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3
    Create a notification for this product.
    Date Public
    2019-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107029",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107029"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01"
              },
              {
                "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
              },
              {
                "name": "GLSA-202009-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202009-17"
              },
              {
                "name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gpsd and microjson (Open Source Project)",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-29T09:06:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "107029",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107029"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01"
            },
            {
              "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
            },
            {
              "name": "GLSA-202009-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202009-17"
            },
            {
              "name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-02-14T00:00:00",
              "ID": "CVE-2018-17937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "gpsd and microjson (Open Source Project)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107029",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107029"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01"
                },
                {
                  "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
                },
                {
                  "name": "GLSA-202009-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202009-17"
                },
                {
                  "name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17937",
        "datePublished": "2019-03-13T17:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:34.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2038 (GCVE-0-2013-2038)

    Vulnerability from nvd – Published: 2014-02-06 16:00 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.savannah.gnu.org/cgit/gpsd.git/commit/… x_refsource_CONFIRM
    http://www.osvdb.org/93000 vdb-entryx_refsource_OSVDB
    http://ubuntu.com/usn/usn-1820-1 vendor-advisoryx_refsource_UBUNTU
    http://openwall.com/lists/oss-security/2013/05/08/1 mailing-listx_refsource_MLIST
    http://openwall.com/lists/oss-security/2013/05/02/20 mailing-listx_refsource_MLIST
    http://lists.nongnu.org/archive/html/gpsd-dev/201… mailing-listx_refsource_MLIST
    http://www.osvdb.org/93001 vdb-entryx_refsource_OSVDB
    Date Public
    2013-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"
              },
              {
                "name": "93000",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/93000"
              },
              {
                "name": "USN-1820-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-1820-1"
              },
              {
                "name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/05/08/1"
              },
              {
                "name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/05/02/20"
              },
              {
                "name": "[gpsd-dev] 20130501 3.9 is released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"
              },
              {
                "name": "93001",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/93001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator.  NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-06T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"
            },
            {
              "name": "93000",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/93000"
            },
            {
              "name": "USN-1820-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-1820-1"
            },
            {
              "name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/05/08/1"
            },
            {
              "name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/05/02/20"
            },
            {
              "name": "[gpsd-dev] 20130501 3.9 is released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"
            },
            {
              "name": "93001",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/93001"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-2038",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator.  NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"
                },
                {
                  "name": "93000",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/93000"
                },
                {
                  "name": "USN-1820-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-1820-1"
                },
                {
                  "name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/05/08/1"
                },
                {
                  "name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/05/02/20"
                },
                {
                  "name": "[gpsd-dev] 20130501 3.9 is released",
                  "refsource": "MLIST",
                  "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"
                },
                {
                  "name": "93001",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/93001"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2038",
        "datePublished": "2014-02-06T16:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-67268 (GCVE-0-2025-67268)

    Vulnerability from cvelistv5 – Published: 2026-01-02 00:00 – Updated: 2026-06-30 12:06
    VLAI
    Summary
    gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T16:33:31.263825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T17:40:28.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in gpsd. The hnd_129540 function, responsible for handling NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count, leading to a heap-based out-of-bounds write. This memory corruption can result in a Denial of Service (DoS) and potentially allow for arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1285",
                    "description": "Improper Validation of Specified Index, Position, or Offset in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:29.766Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-67268"
              },
              {
                "name": "RHBZ#2426835",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426835"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67268.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:1621"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0770"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0771"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:1621: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0770: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0771: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-02T17:01:54.750Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling",
            "workarounds": [
              {
                "lang": "en",
                "value": "Risk can be reduced by limiting exposure of gpsd to trusted NMEA2000/CAN bus sources only, ensuring that untrusted or externally reachable interfaces cannot inject crafted Fast Packets. Systems should avoid forwarding NMEA2000 traffic from bridged, virtualized, or containerized environments unless strict validation is in place, and gpsd should be run with least-privilege permissions to minimize the impact of a crash or corrupted state."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T16:05:18.965Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4"
            },
            {
              "url": "https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c"
            },
            {
              "url": "https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67268",
        "datePublished": "2026-01-02T00:00:00.000Z",
        "dateReserved": "2025-12-08T00:00:00.000Z",
        "dateUpdated": "2026-06-30T12:06:29.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67269 (GCVE-0-2025-67269)

    Vulnerability from cvelistv5 – Published: 2026-01-02 00:00 – Updated: 2026-06-30 03:20
    VLAI
    Summary
    An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T16:37:07.630167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T17:40:49.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU utilization, resulting in a Denial of Service (DoS) condition where the system becomes unresponsive."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-191",
                    "description": "Integer Underflow (Wrap or Wraparound)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:20:28.326Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-67269"
              },
              {
                "name": "RHBZ#2426810",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426810"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67269.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0770"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0771"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:0770: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0771: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-02T16:01:42.941Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing",
            "workarounds": [
              {
                "lang": "en",
                "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\n\n\nExposure can be reduced by restricting gpsd from listening on network sockets, limiting input sources to trusted serial devices only, and ensuring the service is not accessible from untrusted networks. Deployments that do not require NAVCOM packet support should consider disabling or filtering such input where possible to further minimize risk."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer-\u003elength = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer-\u003elength` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T15:49:05.691Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.com/gpsd/gpsd/-/commit/ffa1d6f40bca0b035fc7f5e563160ebb67199da7"
            },
            {
              "url": "https://gitlab.com/gpsd/gpsd"
            },
            {
              "url": "https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-67269",
        "datePublished": "2026-01-02T00:00:00.000Z",
        "dateReserved": "2025-12-08T00:00:00.000Z",
        "dateUpdated": "2026-06-30T03:20:28.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43628 (GCVE-0-2023-43628)

    Vulnerability from cvelistv5 – Published: 2023-12-05 11:35 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    GPSd GPSd Affected: 3.25.1~dev
    Create a notification for this product.
    Credits
    Discovered by Dimitrios Tatsis of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:11.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GPSd",
              "vendor": "GPSd",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.25.1~dev"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Dimitrios Tatsis of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-06T18:39:43.190Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-43628",
        "datePublished": "2023-12-05T11:35:01.035Z",
        "dateReserved": "2023-11-15T15:08:16.534Z",
        "dateUpdated": "2025-11-04T19:25:11.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-17937 (GCVE-0-2018-17937)

    Vulnerability from cvelistv5 – Published: 2019-03-13 17:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT gpsd and microjson (Open Source Project) Affected: gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3
    Create a notification for this product.
    Date Public
    2019-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107029",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107029"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01"
              },
              {
                "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
              },
              {
                "name": "GLSA-202009-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202009-17"
              },
              {
                "name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gpsd and microjson (Open Source Project)",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-29T09:06:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "107029",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107029"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01"
            },
            {
              "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
            },
            {
              "name": "GLSA-202009-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202009-17"
            },
            {
              "name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-02-14T00:00:00",
              "ID": "CVE-2018-17937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "gpsd and microjson (Open Source Project)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107029",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107029"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01"
                },
                {
                  "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
                },
                {
                  "name": "GLSA-202009-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202009-17"
                },
                {
                  "name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17937",
        "datePublished": "2019-03-13T17:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:34.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2038 (GCVE-0-2013-2038)

    Vulnerability from cvelistv5 – Published: 2014-02-06 16:00 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.savannah.gnu.org/cgit/gpsd.git/commit/… x_refsource_CONFIRM
    http://www.osvdb.org/93000 vdb-entryx_refsource_OSVDB
    http://ubuntu.com/usn/usn-1820-1 vendor-advisoryx_refsource_UBUNTU
    http://openwall.com/lists/oss-security/2013/05/08/1 mailing-listx_refsource_MLIST
    http://openwall.com/lists/oss-security/2013/05/02/20 mailing-listx_refsource_MLIST
    http://lists.nongnu.org/archive/html/gpsd-dev/201… mailing-listx_refsource_MLIST
    http://www.osvdb.org/93001 vdb-entryx_refsource_OSVDB
    Date Public
    2013-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:20:37.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"
              },
              {
                "name": "93000",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/93000"
              },
              {
                "name": "USN-1820-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-1820-1"
              },
              {
                "name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/05/08/1"
              },
              {
                "name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/05/02/20"
              },
              {
                "name": "[gpsd-dev] 20130501 3.9 is released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"
              },
              {
                "name": "93001",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/93001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator.  NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-06T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"
            },
            {
              "name": "93000",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/93000"
            },
            {
              "name": "USN-1820-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-1820-1"
            },
            {
              "name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/05/08/1"
            },
            {
              "name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/05/02/20"
            },
            {
              "name": "[gpsd-dev] 20130501 3.9 is released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"
            },
            {
              "name": "93001",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/93001"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-2038",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator.  NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"
                },
                {
                  "name": "93000",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/93000"
                },
                {
                  "name": "USN-1820-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-1820-1"
                },
                {
                  "name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/05/08/1"
                },
                {
                  "name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of  service flaw",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/05/02/20"
                },
                {
                  "name": "[gpsd-dev] 20130501 3.9 is released",
                  "refsource": "MLIST",
                  "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"
                },
                {
                  "name": "93001",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/93001"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2038",
        "datePublished": "2014-02-06T16:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:20:37.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }