CVE-2025-67269

Source
https://cve.org/CVERecord?id=CVE-2025-67269
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67269.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67269
Downstream
Related
Published
2026-01-02T16:17:01.100Z
Modified
2026-02-04T22:23:25.741576Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An integer underflow vulnerability exists in the nextstate() function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer->length = (size_t)c - 4 without checking if the input byte c is less than 4. This results in an unsigned integer underflow, setting lexer->length to a very large value (near SIZE_MAX). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
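The length arithmetic described above, as an added example: this is a simplified model written for this page, not gpsd's code and not the project's fix. The names consume, HDR_OVERHEAD, pkt_result and the sample packets are assumptions for illustration; only the expression (size_t)c - 4 comes from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_OVERHEAD 4u   /* the "- 4" from the CVE description */

typedef enum { PKT_OK, PKT_REJECTED, PKT_STALLED } pkt_result;

/* Constructed sample inputs: first byte is the length byte c. */
static const unsigned char SHORT_PKT[] = {3, 0, 0, 0, 0, 0, 0, 0, 0};
static const unsigned char GOOD_PKT[]  = {8, 1, 2, 3, 4};

/* Toy length-driven consumer (hypothetical, not the gpsd lexer).
 * check=false models the unchecked subtraction; check=true rejects a
 * length byte smaller than the overhead before subtracting.
 * *remaining receives how many payload bytes are still expected. */
static pkt_result consume(const unsigned char *buf, size_t n,
                          bool check, size_t *remaining)
{
    if (n == 0)
        return PKT_REJECTED;
    unsigned char c = buf[0];
    if (check && c < HDR_OVERHEAD)
        return PKT_REJECTED;                  /* lower-bound guard */
    size_t length = (size_t)c - HDR_OVERHEAD; /* wraps when c < 4 */
    for (size_t i = 1; i < n && length > 0; i++)
        length--;                             /* one payload byte consumed */
    *remaining = length;
    return length == 0 ? PKT_OK : PKT_STALLED;
}

int main(void)
{
    size_t rem = 0;
    pkt_result r = consume(SHORT_PKT, sizeof SHORT_PKT, false, &rem);
    printf("unchecked c=3: result=%d still expects %zu bytes\n", (int)r, rem);
    r = consume(SHORT_PKT, sizeof SHORT_PKT, true, &rem);
    printf("checked   c=3: result=%d (rejected)\n", (int)r);
    r = consume(GOOD_PKT, sizeof GOOD_PKT, true, &rem);
    printf("checked   c=8: result=%d remaining=%zu\n", (int)r, rem);
    return 0;
}
```

With the guard off, a length byte of 3 leaves the consumer expecting close to SIZE_MAX further bytes after the input is exhausted, which is the condition the description ties to the CPU-bound loop.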

References

Affected packages

Git / gitlab.com/gpsd/gpsd

Affected ranges

Type
GIT
Repo
https://gitlab.com/gpsd/gpsd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
Hejira
NTPsec_0_9_7
NTPsec_0_9_8
NTPsec_1_0_0
NTPsec_1_1_0
NTPsec_1_1_1
NTPsec_1_1_2
NTPsec_1_1_3
NTPsec_1_1_4
NTPsec_1_1_5
NTPsec_1_1_6
NTPsec_1_1_7
NTPsec_1_1_8
NTPsec_1_1_9
NTPsec_1_2_0
NTPsec_1_2_1
NTPsec_1_2_2
NTPsec_1_2_2a
NTPsec_1_2_3
NTPsec_1_2_4
subversion-cutover
dev-3.*
dev-3.19
dev-3.19a
release-1.*
release-1.90
release-1.96
release-1.97
release-2.*
release-2.0
release-2.1
release-2.10
release-2.11
release-2.12
release-2.13
release-2.14
release-2.15
release-2.16
release-2.17
release-2.18
release-2.19
release-2.2
release-2.20
release-2.21
release-2.22
release-2.23
release-2.24
release-2.25
release-2.26
release-2.27
release-2.28
release-2.29
release-2.3
release-2.30
release-2.31
release-2.32
release-2.33
release-2.34
release-2.35
release-2.36
release-2.37
release-2.38
release-2.39
release-2.4
release-2.5
release-2.6
release-2.7
release-2.8
release-2.9
release-2.90
release-2.91
release-2.92
release-2.93
release-2.94
release-2.95
release-2.96
release-3.*
release-3.0
release-3.1
release-3.10
release-3.11
release-3.12
release-3.13
release-3.14
release-3.15
release-3.16
release-3.17
release-3.18
release-3.18.1
release-3.19
release-3.2
release-3.20
release-3.21
release-3.22
release-3.23
release-3.23.1
release-3.24
release-3.25
release-3.26
release-3.26.1
release-3.27
release-3.3
release-3.4
release-3.5
release-3.6
release-3.7
release-3.8
release-3.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67269.json"
vanir_signatures
[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://gitlab.com/gpsd/gpsd@ffa1d6f40bca0b035fc7f5e563160ebb67199da7",
        "digest": {
            "function_hash": "263178774706924668237634211923090998754",
            "length": 36441.0
        },
        "id": "CVE-2025-67269-0e3e87aa",
        "deprecated": false,
        "target": {
            "file": "gpsd/packet.c",
            "function": "nextstate"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://gitlab.com/gpsd/gpsd@ffa1d6f40bca0b035fc7f5e563160ebb67199da7",
        "digest": {
            "threshold": 0.9
        },
        "id": "CVE-2025-67269-e12f2a05",
        "deprecated": false,
        "target": {
            "file": "gpsd/packet.c"
        }
    }
]