CVE-2025-67268
- Source
- https://cve.org/CVERecord?id=CVE-2025-67268
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67268.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-67268
- Downstream
- Related
- Published
- 2026-01-02T16:17:00.990Z
- Modified
- 2026-04-12T22:57:44.410599Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
- References
Affected packages
Git / github.com/ntpsec/gpsd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ntpsec/gpsd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
Hejira
subversion-cutover
dev-3.*
dev-3.19
dev-3.19a
release-1.*
release-1.90
release-1.96
release-1.97
release-2.*
release-2.0
release-2.1
release-2.10
release-2.11
release-2.12
release-2.13
release-2.14
release-2.15
release-2.16
release-2.17
release-2.18
release-2.19
release-2.2
release-2.20
release-2.21
release-2.22
release-2.23
release-2.24
release-2.25
release-2.26
release-2.27
release-2.28
release-2.29
release-2.3
release-2.30
release-2.31
release-2.32
release-2.33
release-2.34
release-2.35
release-2.36
release-2.37
release-2.38
release-2.39
release-2.4
release-2.5
release-2.6
release-2.7
release-2.8
release-2.9
release-2.90
release-2.91
release-2.92
release-2.93
release-2.94
release-2.95
release-2.96
release-3.*
release-3.0
release-3.1
release-3.10
release-3.11
release-3.12
release-3.13
release-3.14
release-3.15
release-3.16
release-3.17
release-3.18
release-3.18.1
release-3.19
release-3.2
release-3.20
release-3.21
release-3.22
release-3.23
release-3.23.1
release-3.24
release-3.25
release-3.26
release-3.26.1
release-3.27
release-3.3
release-3.4
release-3.5
release-3.6
release-3.7
release-3.8
release-3.9
Database specific
vanir_signatures
[
{
"target": {
"file": "drivers/driver_nmea2000.c",
"function": "hnd_129540"
},
"digest": {
"function_hash": "105259528630567690175396207059184867841",
"length": 1368.0
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-67268-1cbc29ef",
"source": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4"
},
{
"target": {
"file": "drivers/driver_nmea2000.c",
"function": "hnd_129794"
},
"digest": {
"function_hash": "104243196420291599400759051243659380884",
"length": 3744.0
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-67268-3b943542",
"source": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4"
},
{
"target": {
"file": "drivers/driver_nmea2000.c"
},
"digest": {
"line_hashes": [
"301899082615778777958300994720599554715",
"173313207925924300750538826159892586097",
"223233895100158281844381273673919708353",
"110484929666747789041113765260162972004",
"187391794010732201736388972714275196954",
"230646192056287253692020247170152917391",
"143746418151742419392005416412968428510",
"258663627648466636016807365128241252256",
"84286245727133985775637505658253462896",
"203657649542939271645549124154522397170",
"42241344955198936162462118037970764442",
"291194823374081130730644706115702638306",
"288946676764685565951419866227719327998",
"123877158461419912975070738811683022003",
"122730909966964399552096204534916504749",
"150207851635810719461999571982036739465",
"270737244785664652208123544399968698075",
"184984997373703787042761790868655614706",
"121741773227501933846222551061355767988",
"131598562055115311107171319703273104719",
"309936402353376797338546836117953791633",
"228965490133355669210526840367999854778",
"254178367809938876783246051847650858602",
"147162964671859547538754794995422111163",
"276873986630947536745053840261197116511",
"125066342053508356492509753333970150304",
"51141001591889163080580818268196202184",
"45513369824706700460333445760124407646",
"88473383690504424851017032787444658009",
"67307213979811526136784965610048598118",
"241002203408033455836298324352726752143",
"331595714722402796383098273866650670501",
"122128572970794042470244986871509392938",
"326156396403926860227506787310461159622",
"218139428144337197984501315863984807958",
"42179085120155464671271938638761860644",
"162183925228550454435809151627159998902",
"326551046008180817052378351367054739228",
"190997459732795863606948481439584157633",
"84575677316916295386036876804762932791",
"349995656070543335757380238685057486",
"246581169863630670559817428784400019605",
"92898145458241941169643023565596597167",
"48608388770810409429168444813329265608",
"228811853701403466642071577897052304431",
"152856243337449848629680666452702073848",
"334567402186982500277074964138475563936",
"228965490133355669210526840367999854778",
"56258332439274155442974792293277067956",
"85669919538558443160316497417679545966",
"76717866043278817890814219058258317187",
"16299343317838569866682939166407001617",
"327546806110741070629781786260085135972",
"18098775667748604966013750148919629345",
"212938115192396657926239792580753985951",
"328184742661260129927468121672789464891",
"40812079506764683351079724876170836780",
"161351160096788792412922180139285832923",
"44894008872964552468107490820897293014",
"18410556787139689384800605930638609038",
"282076088128163838374807020892935969022",
"120523308835601733744165952653234320652",
"146330190709743845346360877718992484166",
"60770490530877303098463823643353459023",
"152117939046612027391667232092097094126",
"261586645594208733742381735499652766627",
"225245517090070010918179204392061464446",
"230985081827738108209689837926818591368",
"326406507393856881241662499343789402559",
"25687408488990309135433254248238932505",
"92096370762457955123051941306948778879",
"109119817195730705194132769788230916430",
"201115015377132237017031325406261761682",
"188184911841304245314966325044580609401",
"194095968629133177862830097885741635178",
"219843522519551343836412509744732919584",
"62877109728028988082484107853782935031",
"92201161618145433187161081902409276417",
"217954927850451629330622116262712971936",
"126633765821012722795315053623843570912",
"334850354326762282016648728720955654995",
"28196637138051000841096674966492382494",
"274923851681568825722220736678061849597",
"145408303397525999208183034398253860634",
"139079787763409600414759211655074086243",
"180785303726664127800578811306983866758",
"39176888230941191792787340804780343285",
"56132815662644486971439363288176522943",
"99461643383074365486544712131657833550",
"49088599479885417100500372121169173682",
"308112235966414382862167329129896736800",
"37363573563332471201614205770822823247",
"98906147084495459601029137846333735445",
"131178370538368186639578252235656961528",
"117174158533594169567235366920753282407",
"15666528023370909860605963704613269064",
"106350967037646459330499007725589073475",
"291774798488419977141691412377129675707",
"125178119593380550562143903386906344396",
"57345500855443246931356951900079055167",
"45050053078876900200127501457120842933",
"276105055783441647873776541939014935128",
"282944876298106450509047275527438182242",
"131520817959633764989535248442453059190",
"81238217792783197297421807540158472730",
"156111094994057214676289451080804130499",
"123255003356401633642635486001216568661",
"198199403283513011170292080064110418768",
"229120158649950553899524201712657687382",
"250812894841808828062272231052520478278",
"112708045375494266190601965587765044805",
"172269027513090635287458110976474855460",
"190443543030567916707242903457386362757",
"146337777459598868444701570133377285873",
"312112377369680645189556332915362454390",
"266711515856932627689923619515567074828",
"99777858879540348261888289983013670176",
"39856916969520132702201137784585512566",
"97708747760475442440079488706414958784",
"227701834237883993479016026870537580102",
"164345851376346150403299367599197148580",
"76002774139815901694721991262020520570",
"294177779469757185246810499118731229743",
"270504300135502789691340715091027341011",
"196142074540582511756470783133624176778",
"28408262499129202399996484083694204146",
"43632956342419999162640169397103545449",
"80305380209092797669467611247781290384",
"5045876003325082659626443246594112550",
"233460529130323497895547048915668909920",
"253145521652550357402418201558113071887",
"71838217061253676067390957255882423930",
"221834986752664217719881613152418161514",
"273169590367009214640950606111446255953",
"104479839500280551302457441850641657966",
"118137108742181096931269753800550874739",
"16207332635578960925876091048559541587",
"65873235745888076677319067871239969876",
"164473191002341174039468922053418468049",
"108050039061681470442928716122549125353",
"262800260259799005509092656696079559907",
"190443543030567916707242903457386362757",
"332841060657010191570505651459853387976",
"19484340974669335423772080041894236442"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-67268-46496368",
"source": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4"
},
{
"target": {
"file": "drivers/driver_nmea2000.c",
"function": "print_data"
},
"digest": {
"function_hash": "269850291394952259709565422042920942540",
"length": 680.0
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-67268-a89bc14a",
"source": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67268.json"
vanir_signatures_modified
"2026-04-12T22:57:44Z"