PT-2023-28885 · Gpsd · Gpsd

Dimitrios Tatsis

Published

2023-12-05

Updated

2023-12-11

CVE-2023-43628

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GPSd version 3.25.1~dev

Description An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this issue.

Recommendations For GPSd version 3.25.1~dev, consider disabling the NTRIP Stream Parsing functionality until a patch is available. Restrict access to the affected parsing module to minimize the risk of exploitation. Avoid using the vulnerable functionality in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

CVE-2023-43628

Affected Products

Gpsd

PT-2023-28885 · Gpsd · Gpsd

CVE-2023-43628

Weakness Enumeration

Related Identifiers

Affected Products

References · 9