Lucene search
+L
Gpsd ProjectGpsd

6 matches found

CVE
CVE
added 2026/01/02 12:0 a.m.163 views

CVE-2025-67269

CVE-2025-67269 describes an integer underflow in gpsd/packet.c:nextstate() during NAVCOM packet parsing. The payload length is computed as lexer->length = (size_t)c - 4 without validating that c >= 4, causing an unsigned underflow to a very large value and a loop that can exhaust CPU (DoS)....

7.5CVSS6.5AI score0.0047EPSS
CVE
CVE
added 2014/02/06 4:0 p.m.151 views

CVE-2013-2038

The CVE-2013-2038 entry concerns the NMEA0183 driver in gpsd (pre-3.9). A malformed GPS packet with a defective $GPGGA interpreted sentence (lacking certain fields/terminator) may cause a denial of service (daemon termination) and possibly allow arbitrary code execution. Public references (SUSE, ...

4.3CVSS7.7AI score0.0415EPSS
CVE
CVE
added 2019/03/13 5:0 p.m.93 views

CVE-2018-17937

GPSD vulnerabilities (CVE-2018-17937) affect gpsd versions 2.90–3.17 and microjson 1.0–1.3. The issue is a stack-based buffer overflow that can allow remote code execution on embedded platforms via traffic on port 2947/TCP or crafted JSON inputs. Impact is described as remote code execution with ...

8.8CVSS8.8AI score0.02656EPSS
CVE
CVE
added 2023/12/05 11:35 a.m.49 views

CVE-2023-43628

CVE-2023-43628 affects GPSd 3.25.1~dev, with an integer underflow in the NTRIP Stream Parsing path that can cause memory corruption when processing crafted network packets. Talos’ analysis documents the vulnerability as an access/memory corruption issue in GPSd’s NTRIP client, triggered by a malf...

7.5CVSS7.4AI score0.01225EPSS
CVE
CVE
added 2026/01/02 12:0 a.m.44 views

CVE-2025-67268

gpsd contains a heap-based out-of-bounds write in drivers/driver_nmea2000.c (PGN 129540 handling). The hnd_129540 function validates the satellite count against a 184-element skyview array, but an input satellite count up to 255 can overflow the array, causing memory corruption, DoS, and potentia...

9.8CVSS7.6AI score0.00674EPSS
CVE
CVE
added 2026/07/09 4:14 p.m.12 views

CVE-2026-58459

CVE-2026-58459 affects gpsd (through release-3.27.5) with a command injection in the gpsprof workflow. The subtype value of the GPS device (sourced from a DEVICES JSON log entry or NMEA PGRMT sentence) is written into a generated gnuplot program via a set title statement that escapes only double ...

9.6CVSS6.3AI score0.01775EPSS