Source: gpsd
Version: 3.27-1.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gpsd.

CVE-2025-67269[0]:
| An integer underflow vulnerability exists in the `nextstate()`
| function in `gpsd/packet.c` of gpsd versions prior to commit
| `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM
| packet, the payload length is calculated using `lexer->length =
| (size_t)c - 4` without checking if the input byte `c` is less than
| 4. This results in an unsigned integer underflow, setting
| `lexer->length` to a very large value (near `SIZE_MAX`). The parser
| then enters a loop attempting to consume this massive number of
| bytes, causing 100% CPU utilization and a Denial of Service (DoS)
| condition.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-67269
    https://www.cve.org/CVERecord?id=CVE-2025-67269
[1] https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md
[2] https://gitlab.com/gpsd/gpsd/-/commit/ffa1d6f40bca0b035fc7f5e563160ebb67199da7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
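The wraparound described in the CVE text above, shown as an added illustration that is not part of the original report and is neither gpsd's code nor its upstream fix. The function names, the constructed length bytes and the iteration budget are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEN_OVERHEAD 4u   /* the 4 subtracted in the quoted expression */

/* Unchecked form from the CVE text: wraps around when c < 4. */
static size_t payload_len_unchecked(unsigned char c)
{
    return (size_t)c - LEN_OVERHEAD;
}

/* Checked form (illustrative): reject a length byte that cannot cover
 * the overhead, and leave *out untouched on rejection. */
static bool payload_len_checked(unsigned char c, size_t *out)
{
    if (c < LEN_OVERHEAD)
        return false;
    *out = (size_t)c - LEN_OVERHEAD;
    return true;
}

/* Hypothetical byte-at-a-time consumer: counts the bytes it would have to
 * swallow before the declared payload ends. The budget only bounds the
 * demonstration; a real parser fed a wrapped length has no such limit. */
static size_t bytes_until_done(size_t declared, size_t budget)
{
    size_t consumed = 0;
    while (declared > 0 && consumed < budget) {
        declared--;
        consumed++;
    }
    return consumed;
}

int main(void)
{
    for (unsigned c = 0; c <= 5; c++) {   /* constructed length bytes */
        size_t n = 0;
        bool ok = payload_len_checked((unsigned char)c, &n);
        printf("c=%u unchecked=%zu checked=%s consumed(budget 1000)=%zu\n",
               c, payload_len_unchecked((unsigned char)c),
               ok ? "accept" : "reject",
               bytes_until_done(payload_len_unchecked((unsigned char)c), 1000));
    }
    return 0;
}
```
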

