CVE-2025-67268

CVE-2025-67268

Name

CVE-2025-67268

Description

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
cve@mitre.org	https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
cve@mitre.org	https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4

Type

URI

cve@mitre.org

https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md

cve@mitre.org

https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c

cve@mitre.org

https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== None
`cpe:2.3:a:gpsd_project:gpsd::::::::`	gpsd	>= None	< 3.27.1

CPE URI

Source package

Min version

Max version

n/a

== n/a

== None

cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:*

gpsd

>= None

< 3.27.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
gpsd	edge-main	3.26.1-r0	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	edge-main	3.25-r3	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	edge-main	3.25-r2	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	3.23-main	3.26.1-r0	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	3.22-main	3.26.1-r0	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	3.21-main	3.25-r2	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	3.20-main	3.25-r2	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable
gpsd	3.19-main	3.25-r1	Nathan Angelacos <nangel@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

gpsd

edge-main

3.26.1-r0

Nathan Angelacos <nangel@alpinelinux.org>

possibly vulnerable

gpsd

edge-main