CVE-2025-67269

Source
https://cve.org/CVERecord?id=CVE-2025-67269
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67269.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67269
Downstream
Related
Published
2026-01-02T00:00:00Z
Modified
2026-07-16T03:31:02.063687769Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An integer underflow vulnerability exists in the nextstate() function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer->length = (size_t)c - 4 without checking if the input byte c is less than 4. This results in an unsigned integer underflow, setting lexer->length to a very large value (near SIZE_MAX). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67269.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / gitlab.com/gpsd/gpsd

Affected ranges

Type
GIT
Repo
https://gitlab.com/gpsd/gpsd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.27.1"
        }
    ]
}

Affected versions

Other
Hejira
subversion-cutover
dev-3.*
dev-3.19
dev-3.19a
release-1.*
release-1.90
release-1.96
release-1.97
release-2.*
release-2.0
release-2.1
release-2.10
release-2.11
release-2.12
release-2.13
release-2.14
release-2.15
release-2.16
release-2.17
release-2.18
release-2.19
release-2.2
release-2.20
release-2.21
release-2.22
release-2.23
release-2.24
release-2.25
release-2.26
release-2.27
release-2.28
release-2.29
release-2.3
release-2.30
release-2.31
release-2.32
release-2.33
release-2.34
release-2.35
release-2.36
release-2.37
release-2.38
release-2.39
release-2.4
release-2.5
release-2.6
release-2.7
release-2.8
release-2.9
release-2.90
release-2.91
release-2.92
release-2.93
release-2.94
release-2.95
release-2.96
release-3.*
release-3.0
release-3.1
release-3.10
release-3.11
release-3.12
release-3.13
release-3.14
release-3.15
release-3.16
release-3.17
release-3.18
release-3.18.1
release-3.19
release-3.2
release-3.20
release-3.21
release-3.22
release-3.23
release-3.23.1
release-3.24
release-3.25
release-3.26
release-3.26.1
release-3.27
release-3.3
release-3.4
release-3.5
release-3.6
release-3.7
release-3.8
release-3.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67269.json"