CVE-2018-17937

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.

References

Affected packages

Git / gitlab.com/gpsd/gpsd

Affected ranges

Type

GIT

Repo

https://gitlab.com/gpsd/gpsd

Events

Introduced

b51f606e6ee2bb0da2199ba6b8f7ad4cac472146

Last affected

18bc54e3ef722495a7ff84db7321c1a399806149

Database specific

{
    "versions": [
        {
            "introduced": "2.90"
        },
        {
            "last_affected": "3.17"
        }
    ]
}

Affected versions

Other

Hejira

subversion-cutover

release-2.*

release-2.90

release-2.91

release-2.92

release-2.93

release-2.94

release-2.95

release-2.96

release-3.*

release-3.0

release-3.1

release-3.10

release-3.11

release-3.12

release-3.13

release-3.14

release-3.15

release-3.16

release-3.17

release-3.2

release-3.3

release-3.4

release-3.5

release-3.6

release-3.7

release-3.8

release-3.9

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "1.0"
            },
            {
                "last_affected": "1.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17937.json"