PT-2026-1058 · Gpsd+4

Published: 2025-01-01 · Updated: 2026-01-30 · CVE-2025-67269

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7

Description

An integer underflow exists in the nextstate() function in gpsd/packet.c. When a NAVCOM packet is parsed, the payload length is calculated without checking whether the input byte c is less than 4. If it is, the unsigned arithmetic wraps around and a very large value is assigned to lexer->length. The parser then attempts to consume that many bytes, causing high CPU usage and a Denial of Service (DoS) condition.

Recommendations

Update gpsd to a version after commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7.
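The class of bug described above, as an added example that is not gpsd's code or its fix: a toy frame parser that computes a payload length from one byte, run with and without the lower-bound check. The frame layout, the sync byte, the overhead of 4 and all function names are assumptions made for the illustration, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SYNC     0x7Eu /* hypothetical sync byte */
#define OVERHEAD 4u    /* hypothetical: LEN counts SYNC, LEN and 2 trailer bytes */

/* Constructed input: one frame with LEN = 2 (< OVERHEAD), then two valid frames. */
static const uint8_t sample[] = {
    0x7E, 0x02,
    0x7E, 0x06, 0xAA, 0xBB, 0x00, 0x03,
    0x7E, 0x05, 0xCC, 0x00, 0x03,
};

/* Payload length as the unchecked pattern computes it: wraps for c < OVERHEAD. */
static size_t payload_length(uint8_t c)
{
    return (size_t)c - OVERHEAD;
}

/* Count complete frames (SYNC, LEN, payload, 2 trailer bytes) in buf.
 * check_len = 0 reproduces the missing check; 1 applies it. */
static unsigned count_frames(const uint8_t *buf, size_t n, int check_len)
{
    unsigned frames = 0;
    size_t i = 0;

    while (i + 1 < n) {
        if (buf[i] != SYNC) { i++; continue; }            /* hunt for sync */
        uint8_t c = buf[i + 1];
        if (check_len && c < OVERHEAD) { i++; continue; } /* reject and resync */
        size_t length = payload_length(c);
        size_t remaining = n - (i + 2);
        if (length > remaining || remaining - length < 2)
            break;                      /* frame looks incomplete: parser keeps waiting */
        i += 2 + length + 2;            /* skip header, payload, trailer */
        frames++;
    }
    return frames;
}

int main(void)
{
    printf("wrapped length for c=2: %zu\n", payload_length(2));
    printf("frames without check:   %u\n", count_frames(sample, sizeof sample, 0));
    printf("frames with check:      %u\n", count_frames(sample, sizeof sample, 1));
    return 0;
}
```

Without the check, the wrapped length makes the parser treat all following input as payload of the malformed frame, so the two valid frames behind it are never recognised; with the check, the short length is rejected and parsing resynchronises.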

Exploit

Fix

DoS

Integer Underflow


Weakness Enumeration

Related Identifiers

ALSA-2026:0770
ALSA-2026:0771
BDU:2026-06691
CVE-2025-67269
MGASA-2026-0028
OPENSUSE-SU-2026:10008-1
RHSA-2026:0770
RHSA-2026:0771
USN-7948-1

Affected Products

Debian
Linuxmint
Rocky Linux
Ubuntu
Gpsd