9.8
CVE-2025-67268
- EPSS 0.67%
- Veröffentlicht 02.01.2026 16:17:00
- Zuletzt bearbeitet 30.06.2026 03:16:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gpsd Project ≫ Gpsd Version < 3.27.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.475 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
https://access.redhat.com/errata/RHSA-2026:0770
https://access.redhat.com/errata/RHSA-2026:0771
https://access.redhat.com/errata/RHSA-2026:1621
https://access.redhat.com/security/cve/CVE-2025-67268
https://bugzilla.redhat.com/show_bug.cgi?id=2426835
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67268.json