6 matches found
CVE-2025-67269
CVE-2025-67269 describes an integer underflow in gpsd/packet.c:nextstate() during NAVCOM packet parsing. The payload length is computed as lexer->length = (size_t)c - 4 without validating that c >= 4, causing an unsigned underflow to a very large value and a loop that can exhaust CPU (DoS)....
CVE-2013-2038
The CVE-2013-2038 entry concerns the NMEA0183 driver in gpsd (pre-3.9). A malformed GPS packet with a defective $GPGGA interpreted sentence (lacking certain fields/terminator) may cause a denial of service (daemon termination) and possibly allow arbitrary code execution. Public references (SUSE, ...
CVE-2018-17937
GPSD vulnerabilities (CVE-2018-17937) affect gpsd versions 2.90–3.17 and microjson 1.0–1.3. The issue is a stack-based buffer overflow that can allow remote code execution on embedded platforms via traffic on port 2947/TCP or crafted JSON inputs. Impact is described as remote code execution with ...
CVE-2023-43628
CVE-2023-43628 affects GPSd 3.25.1~dev, with an integer underflow in the NTRIP Stream Parsing path that can cause memory corruption when processing crafted network packets. Talos’ analysis documents the vulnerability as an access/memory corruption issue in GPSd’s NTRIP client, triggered by a malf...
CVE-2025-67268
gpsd contains a heap-based out-of-bounds write in drivers/driver_nmea2000.c (PGN 129540 handling). The hnd_129540 function validates the satellite count against a 184-element skyview array, but an input satellite count up to 255 can overflow the array, causing memory corruption, DoS, and potentia...
CVE-2026-58459
CVE-2026-58459 affects gpsd (through release-3.27.5) with a command injection in the gpsprof workflow. The subtype value of the GPS device (sourced from a DEVICES JSON log entry or NMEA PGRMT sentence) is written into a generated gnuplot program via a set title statement that escapes only double ...