CVE-2023-43628

Name of the Vulnerable Software and Affected Versions GPSd version 3.25.1~dev

Description An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this issue.

Recommendations For GPSd version 3.25.1~dev, consider disabling the NTRIP Stream Parsing functionality until a patch is available. Restrict access to the affected parsing module to minimize the risk of exploitation. Avoid using the vulnerable functionality in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.