CVE-2018-17937
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-17937
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17937.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-17937
- Related
- Published
- 2019-03-13T17:29:00Z
- Modified
- 2025-01-14T07:25:47.730387Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
- References
-
- http://www.securityfocus.com/bid/107029
- https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01
- https://security.gentoo.org/glsa/202009-17
- https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html
- https://security-tracker.debian.org/tracker/CVE-2018-17937
Affected packages
Debian:11 / gpsd
Package
- Name
- gpsd
- Purl
- pkg:deb/debian/gpsd?arch=source
Debian:12 / gpsd
Package
- Name
- gpsd
- Purl
- pkg:deb/debian/gpsd?arch=source
Debian:13 / gpsd
Package
- Name
- gpsd
- Purl
- pkg:deb/debian/gpsd?arch=source
Git / gitlab.com/gpsd/gpsd
Affected versions
Other
Hejira
subversion-cutover
release-2.*
release-2.90
release-2.91
release-2.92
release-2.93
release-2.94
release-2.95
release-2.96
release-3.*
release-3.0
release-3.1
release-3.10
release-3.11
release-3.12
release-3.13
release-3.14
release-3.15
release-3.16
release-3.17
release-3.2
release-3.3
release-3.4
release-3.5
release-3.6
release-3.7
release-3.8
release-3.9