CVE-2023-43628

2023-12-0512:15:43

Debian Security Bug Tracker

security-tracker.debian.org

integer underflow

ntrip stream parsing

memory corruption

network packet

memory corruption

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

13.2%

JSON

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allgpsd< 3.22-4.1gpsd_3.22-4.1_all.deb
Debian11allgpsd< 3.22-4gpsd_3.22-4_all.deb
Debian999allgpsd< 3.25-4gpsd_3.25-4_all.deb
Debian13allgpsd< 3.25-4gpsd_3.25-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	gpsd	< 3.22-4.1	gpsd_3.22-4.1_all.deb
Debian	11	all	gpsd	< 3.22-4	gpsd_3.22-4_all.deb
Debian	999	all	gpsd	< 3.25-4	gpsd_3.25-4_all.deb
Debian	13	all	gpsd	< 3.25-4	gpsd_3.25-4_all.deb