9.8

CVE-2025-67268

Exploit
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gpsd ProjectGpsd Version < 3.27.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.475
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
Third Party Advisory
Exploit
https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
Product
https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
Patch
https://access.redhat.com/errata/RHSA-2026:0770
https://access.redhat.com/errata/RHSA-2026:0771
https://access.redhat.com/errata/RHSA-2026:1621
https://access.redhat.com/security/cve/CVE-2025-67268
https://bugzilla.redhat.com/show_bug.cgi?id=2426835
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67268.json