Vulnerabilities (CVE)

Filtered by vendor Gpsd Project Subscribe
Filtered by product Gpsd
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-17937 3 Debian, Gpsd Project, Microjson Project 3 Debian Linux, Gpsd, Microjson 2024-11-21 5.8 MEDIUM 8.8 HIGH
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
CVE-2013-2038 2 Canonical, Gpsd Project 2 Ubuntu Linux, Gpsd 2024-11-21 4.3 MEDIUM N/A
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
CVE-2023-43628 1 Gpsd Project 1 Gpsd 2024-02-28 N/A 7.5 HIGH
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.