CVE-2018-17937
HIGHgpsd 2.90-3.17 and microjson 1.0-1.3 - Stack-based Buffer Overflow via Port 2947/TCP or JSON Input
Title source: llmDescription
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107029
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202009-17
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html
Scores
CVSS v3
8.8
EPSS
0.0266
EPSS Percentile
83.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (4)
debian/debian_linux
8.0
debian/debian_linux
9.0
gpsd_project/gpsd
2.90 - 3.17
microjson_project/microjson
1.0 - 1.3
Published
Mar 13, 2019
Tracked Since
Feb 18, 2026