PT-2018-3830 · None+1 · Microjson+2
Published: 2018-06-15 · Updated: 2021-11-02
CVE-2018-17937
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
gpsd versions 2.90 to 3.17
microjson versions 1.0 to 1.3
Description
The issue is related to a stack-based buffer overflow in gpsd, which may allow remote attackers to execute arbitrary code on embedded platforms. This can be achieved via traffic on Port 2947/TCP or crafted JSON inputs. The exploitation of this issue may also allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations
For gpsd versions 2.90 to 3.17, consider disabling the service that listens on Port 2947/TCP until a patch is available.
For microjson versions 1.0 to 1.3, avoid using crafted JSON inputs in the affected API endpoints until the issue is resolved.
As a temporary workaround, consider restricting access to the vulnerable gpsd daemon to minimize the risk of exploitation.
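A defender-side check for the recommendations above, as an added example that is not part of the original advisory or of gpsd: it tests a reported version string against the affected range 2.90 to 3.17 and flags listeners on 2947/TCP that are bound beyond loopback. The sample version strings and `ss -H -ltn` text are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Affected gpsd range from the advisory: 2.90 through 3.17 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (2, 90), (3, 17)
GPSD_PORT = 2947

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 5   127.0.0.1:2947 0.0.0.0:*
LISTEN 0 5   [::1]:2947     [::]:*
LISTEN 0 5   0.0.0.0:2947   0.0.0.0:*
LISTEN 0 5   [::]:2947      [::]:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
"""

def is_affected(version_text):
    """True if the first major.minor number in the text is in the affected range."""
    m = re.search(r"(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no version number in {version_text!r}")
    return AFFECTED_MIN <= (int(m.group(1)), int(m.group(2))) <= AFFECTED_MAX

def exposed_listeners(ss_output, port=GPSD_PORT):
    """Return local addresses listening on `port` that are not loopback-only."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # '*' or unparsable: treat as all interfaces
        if not loopback:
            exposed.append(fields[3])
    return exposed

def assess(version_text, ss_output):
    """Combine the version check and the listener check into one finding."""
    affected = is_affected(version_text)
    exposed = exposed_listeners(ss_output)
    return {"affected": affected, "exposed": exposed,
            "needs_action": affected and bool(exposed)}

if __name__ == "__main__":
    print(assess("gpsd: 3.17 (revision 3.17)", SAMPLE_SS))
```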
RCE
Stack Overflow
Memory Corruption
Related identifiers
Affected products
Alt Linux
Gpsd
Microjson