CVE-2013-2038
gpsd < 3.9 - Denial of Service via Malformed NMEA0183 $GPGGA Sentence
Title source: llmDescription
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
References (7)
Core 7
Core References
Exploit, Patch x_refsource_confirm
http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/93000
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1820-1
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/05/08/1
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/05/02/20
Various Sources mailing-list
x_refsource_mlist
http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/93001
Scores
EPSS
0.0415
EPSS Percentile
89.7%
Details
CWE
CWE-20
Status
published
Products (10)
canonical/ubuntu_linux
12.04
gpsd_project/gpsd
3.0
gpsd_project/gpsd
3.1
gpsd_project/gpsd
3.2
gpsd_project/gpsd
3.3
gpsd_project/gpsd
3.4
gpsd_project/gpsd
3.5
gpsd_project/gpsd
3.6
gpsd_project/gpsd
3.7
gpsd_project/gpsd
< 3.8
Published
Feb 06, 2014
Tracked Since
Feb 18, 2026