RLSA-2026:0770

Published: 21 Jan 2026
Source: rocky
Rating: Important

Description

Important: gpsd security update

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications (such as navigational and war-driving software) can share access to a GPS without contention or loss of data. Also, gpsd responds to queries with a format that is substantially easier to parse than NMEA 0183.

Security Fix(es):

  • gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing (CVE-2025-67269)

  • gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling (CVE-2025-67268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 10

| Name | Architecture | Release | RPM |
|---|---|---|---|
| gpsd | x86_64 | 1.el10_1.1 | gpsd-3.26.1-1.el10_1.1.x86_64.rpm |
| gpsd-clients | x86_64 | 1.el10_1.1 | gpsd-clients-3.26.1-1.el10_1.1.x86_64.rpm |
| python3-gpsd | x86_64 | 1.el10_1.1 | python3-gpsd-3.26.1-1.el10_1.1.x86_64.rpm |

Related vulnerabilities

rocky
18 days ago

Important: gpsd-minimal security update

oracle-oval
19 days ago

ELSA-2026-0771: gpsd-minimal security update (IMPORTANT)

oracle-oval
19 days ago

ELSA-2026-0770: gpsd security update (IMPORTANT)

CVSS3: 7.5
ubuntu
about 1 month ago

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

CVSS3: 7.5
nvd
about 1 month ago

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
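
The length calculation quoted in the description above, shown unchecked and guarded in an added C example (not gpsd's code and not part of the advisory). The one-length-byte framing, the `feed()` helper and the `c < 4` rejection are assumptions made for illustration; the fix in the referenced commit may be shaped differently.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum result { PKT_COMPLETE, PKT_NEED_MORE, PKT_REJECTED };

/* Simplified, constructed framing (not gpsd's real NAVCOM layout):
 * buf[0] is the length byte c, followed by c - 4 payload bytes.
 * *remaining receives the number of payload bytes still expected. */
static enum result feed(const unsigned char *buf, size_t n, bool guarded,
                        size_t *remaining)
{
    size_t i, length;

    *remaining = 0;
    if (n == 0)
        return PKT_NEED_MORE;
    if (guarded && buf[0] < 4)     /* assumed guard: reject before subtracting */
        return PKT_REJECTED;
    length = (size_t)buf[0] - 4;   /* expression quoted in the CVE text */
    for (i = 1; i < n && length > 0; i++)
        length--;                  /* one payload byte consumed */
    *remaining = length;
    return length == 0 ? PKT_COMPLETE : PKT_NEED_MORE;
}

int main(void)
{
    /* Constructed inputs: a well-formed frame and one with c = 2. */
    static const unsigned char good[] = { 6, 0xAA, 0xBB };
    static const unsigned char bad[]  = { 2, 0xAA, 0xBB };
    size_t rem;
    enum result r;

    r = feed(good, sizeof good, false, &rem);
    printf("good, unchecked: result=%d remaining=%zu\n", (int)r, rem);
    r = feed(bad, sizeof bad, false, &rem);
    printf("bad,  unchecked: result=%d remaining=%zu (SIZE_MAX=%zu)\n",
           (int)r, rem, (size_t)SIZE_MAX);
    r = feed(bad, sizeof bad, true, &rem);
    printf("bad,  guarded:   result=%d remaining=%zu\n", (int)r, rem);
    return 0;
}
```

With the unchecked path, the malformed frame leaves the parser expecting close to `SIZE_MAX` further bytes, which is the condition the description ties to the CPU-bound loop; the guarded path drops the frame before any length is stored.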