Source: gpsd Version: 3.27-1.1 Severity: grave Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for gpsd. CVE-2025-67268[0]: | gpsd before commit dc966aa contains a heap-based out-of-bounds write | vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 | function, which handles NMEA2000 PGN 129540 (GNSS Satellites in | View) packets, fails to validate the user-supplied satellite count | against the size of the skyview array (184 elements). This allows an | attacker to write beyond the bounds of the array by providing a | satellite count up to 255, leading to memory corruption, Denial of | Service (DoS), and potentially arbitrary code execution. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-67268 https://www.cve.org/CVERecord?id=CVE-2025-67268 [1] https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md [2] https://gitlab.com/gpsd/gpsd/-/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
