CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в gpsd

There is an integer underflow vulnerability in the nextstate function in gpsd/packet.c in gpsd versions prior to the commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4, without checking whether the input...

7.5CVSS5.8AI score0.00212EPSS

Exploits2References2

OSV•added 2026/02/25 12:16 a.m.•3 views

OSV-2026-307 Global-buffer-overflow in navcom_parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486709178 Crash type: Global-buffer-overflow READ 1 Crash state: navcomparse gpsdpoll FuzzDrivers.c...

5.4AI score

Exploits0References1

Mageia•added 2026/01/30 12:39 a.m.•7 views

Updated gpsd packages fix security vulnerabilities

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS6.1AI score0.00212EPSS

Exploits3References2

OSV•added 2026/01/30 12:39 a.m.•3 views

MGASA-2026-0028 Updated gpsd packages fix security vulnerabilities

9.8CVSS6.1AI score0.00212EPSS

Exploits3References3

OSV•added 2026/01/28 9:39 a.m.•3 views

CLSA-2026-1769593159 gpsd-minimal: Fix of 2 CVEs

CVE-2025-67268: fix heap-based out-of-bounds write in NMEA2000 Driver - CVE-2025-67269: fix integer underflow leading to DoS in NAVCOM packet parsing...

9.8CVSS7.3AI score0.00212EPSS

Exploits3References1

Tenable Nessus•added 2026/01/21 12:0 a.m.•5 views

MiracleLinux 9 : gpsd-minimal-3.26.1-1.el9_7.1 (AXSA:2026-055:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-055:01 advisory. gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing CVE-2025-67269 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds...

9.8CVSS6.2AI score0.00212EPSS

Exploits3References3

Tenable Nessus•added 2026/01/21 12:0 a.m.•1 views

RockyLinux 10 : gpsd (RLSA-2026:0770)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0770 advisory. gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing CVE-2025-67269 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds...

9.8CVSS6.2AI score0.00212EPSS

Exploits3References5

OSV•added 2026/01/20 9:5 a.m.•5 views

RLSA-2026:0771 Important: gpsd-minimal security update

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. The Rocky Enterprise Software Foundation support fo...

7.5CVSS6.1AI score0.00212EPSS

Exploits3References3

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

RockyLinux 9 : gpsd-minimal (RLSA-2026:0771)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0771 advisory. gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing CVE-2025-67269 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds wri...

9.8CVSS6.2AI score0.00212EPSS

Exploits3References5

RedHat Linux•added 2026/01/19 5:57 a.m.•7 views

gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing

A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU...

7.5CVSS5.8AI score0.00212EPSS

Exploits2References7

Oracle linux•added 2026/01/19 12:0 a.m.•5 views

gpsd security update

1:3.26.1-1.0.1.el101.1 - Replace upstream reference Orabug: 37033219 1:3.26.1-1.el101.1 - fix buffer overflow in NMEA2000 driver CVE-2025-67268 - fix integer underflow in handling of Navcom packets CVE-2025-67269...

9.8CVSS5.7AI score0.00212EPSS

Exploits3

AlmaLinux•added 2026/01/19 12:0 a.m.•5 views

Important: gpsd-minimal security update

9.8CVSS6.1AI score0.00212EPSS

Exploits3References6

OpenVAS•added 2026/01/09 12:0 a.m.•4 views

Ubuntu: Security Advisory (USN-7948-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.00212EPSS

Exploits3References2

Tenable Nessus•added 2026/01/09 12:0 a.m.•2 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : GPSd vulnerabilities (USN-7948-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7948-1 advisory. It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd t...

9.8CVSS6AI score0.00212EPSS

Exploits3References3

SUSE CVE•added 2026/01/06 12:24 a.m.•2 views

SUSE CVE-2025-67269

An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4 without checking if the input byte c is le...

7.5CVSS6.9AI score0.00212EPSS

Exploits2References3