Описание
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.27-1.1ubuntu1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | needs-triage | |
| jammy | released | 3.22-4ubuntu2.1 |
| noble | released | 3.25-3ubuntu3.2 |
| plucky | released | 3.25-5ubuntu1.25.04.1 |
| questing | released | 3.25-5ubuntu1.25.10.1 |
| upstream | released | 3.27-1.1 |
Показывать по
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
gpsd before commit dc966aa contains a heap-based out-of-bounds write v ...
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
EPSS
9.8 Critical
CVSS3