MiracleLinux 9 : gpsd-minimal-3.26.1-1.el9_7.1 (AXSA:2026-055:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-055:01 advisory. gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing CVE-2025-67269 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds...

ALSA-2026:0770 Important: gpsd security update

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications such as...

USN-7948-1 gpsd vulnerabilities

It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-67268 It was discovered that GPSd incorrectly handled processing NAVCOM packets. An...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

DEBIAN-CVE-2013-2038

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service daemon termination and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was...