CVE-2025-67268

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-67268
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67268.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67268
Downstream
Related
Published
2026-01-02T16:17:00.990Z
Modified
2026-02-11T07:47:12.613341Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

References

Affected packages

Git / gitlab.com/gpsd/gpsd

Affected ranges

Type
GIT
Repo
https://gitlab.com/gpsd/gpsd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
af42bc1533c926d6e776c9e4c0536d7f861692b4

Affected versions

Other
Hejira
NTPsec_0_9_7
NTPsec_0_9_8
NTPsec_1_0_0
NTPsec_1_1_0
NTPsec_1_1_1
NTPsec_1_1_2
NTPsec_1_1_3
NTPsec_1_1_4
NTPsec_1_1_5
NTPsec_1_1_6
NTPsec_1_1_7
NTPsec_1_1_8
NTPsec_1_1_9
NTPsec_1_2_0
NTPsec_1_2_1
NTPsec_1_2_2
NTPsec_1_2_2a
NTPsec_1_2_3
NTPsec_1_2_4
subversion-cutover
dev-3.*
dev-3.19
dev-3.19a
release-1.*
release-1.90
release-1.96
release-1.97
release-2.*
release-2.0
release-2.1
release-2.10
release-2.11
release-2.12
release-2.13
release-2.14
release-2.15
release-2.16
release-2.17
release-2.18
release-2.19
release-2.2
release-2.20
release-2.21
release-2.22
release-2.23
release-2.24
release-2.25
release-2.26
release-2.27
release-2.28
release-2.29
release-2.3
release-2.30
release-2.31
release-2.32
release-2.33
release-2.34
release-2.35
release-2.36
release-2.37
release-2.38
release-2.39
release-2.4
release-2.5
release-2.6
release-2.7
release-2.8
release-2.9
release-2.90
release-2.91
release-2.92
release-2.93
release-2.94
release-2.95
release-2.96
release-3.*
release-3.0
release-3.1
release-3.10
release-3.11
release-3.12
release-3.13
release-3.14
release-3.15
release-3.16
release-3.17
release-3.18
release-3.18.1
release-3.19
release-3.2
release-3.20
release-3.21
release-3.22
release-3.23
release-3.23.1
release-3.24
release-3.25
release-3.26
release-3.26.1
release-3.27
release-3.3
release-3.4
release-3.5
release-3.6
release-3.7
release-3.8
release-3.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67268.json"