Astra Linux - уязвимость в gpsd

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

[SECURITY] Fedora 44 Update: qt6-qtpositioning-6.10.3-1.fc44

The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...

Advisory ROSA-SA-2026-3228

software: gpsd 3.21 WASP: ROSA-CHROME unaffected versions = gpsd-3.21-5 affected versions gpsd-3.21-5 CVE-ID: CVE-2025-67268 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in gpsd before commit dc966aa: in drivers/drivernmea2000.c, function hnd129540 handling PGN 129540 - GNSS Satellite...

Silent Subversion: Sensor Spoofing Attacks Via Supply Chain Implants in Satellite Systems

Spoofing attacks are among the most destructive cyber threats to terrestrial systems, and they become even more dangerous in space, where satellites cannot be easily serviced, and operators depend on accurate telemetry to ensure mission success. When telemetry is compromised, entire spaceborne...

US Declassifies Information on JUMPSEAT Spy Satellites

The US National Reconnaissance Office has declassified information about a fleet of spy satellites operating between 1971 and 2006. I'm actually impressed to see a declassification only two decades after decommission...

gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling

A flaw was found in gpsd. The hnd129540 function, responsible for handling NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count,...

gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling

A flaw was found in gpsd. The hnd129540 function, responsible for handling NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count,...

SUSE CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVE-2025-67268

A flaw was found in gpsd. The hnd129540 function, responsible for handling NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count,...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVE-2025-67268

gpsd contains a heap-based out-of-bounds write in drivers/driver_nmea2000.c (PGN 129540 handling). The hnd_129540 function validates the satellite count against a 184-element skyview array, but an input satellite count up to 255 can overflow the array, causing memory corruption, DoS, and potentia...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services

With the rise of location-based service LBS applications that rely on terrestrial and satellite infrastructures e.g., GNSS and crowd-sourced Wi-Fi, Bluetooth, cellular, and IP databases for positioning, ensuring their integrity and security is paramount. However, we demonstrate that these...

[SECURITY] Fedora 42 Update: qt6-qtpositioning-6.9.3-1.fc42

The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...

A Surprising Amount of Satellite Traffic Is Unencrypted

Here's the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructur...

Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites

Geosynchronous GEO satellite links provide IP backhaul to remote critical infrastructure for utilities, telecom, government, military, and commercial users. To date, academic studies of GEO infrastructure have focused on a handful of satellites and specific use cases. The authors of this paper...

Satellites leak voice calls, text messages and more

Scientists from several US universities intercepted unencrypted broadcast through geostationary satellites using only off-the-shelf equipment on a university rooftop. Geostationary satellites move at the same speed as the Earth’s rotation so it seems as though they are always above the same exact...

SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems

Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf COTS hardware broadens their attack surface. Although supply chain threats are well studied in other cyber-physical domains, their feasibility and stealth in space systems remai...

What Is Cybersecurity in Space?

Satellites, drones, and 5G space links now support critical services such as air traffic, finance, and weather. Yet most were not built to resist modern cyber threats. Ground stations can be breached, GPS jammed, and supply chains compromised, while no shared list of vulnerabilities or safe testi...