All errata/sisyphus/ALT-PU-2025-16781-2
ALT-PU-2025-16781-2

Package update gpsd in branch sisyphus

Version3.27.1-alt1
Task#403422
Published2026-05-14
Max severityCRITICAL
Severity:

Closed issues (4)

BDU:2026-06690
CRITICAL9.8

Уязвимость компонента drivers/driver_nmea2000.c демона отслеживания приемников GPS GPSd, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-05-12
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2026-06691
HIGH7.5

Уязвимость функции nextstate() компонента gpsd/packet.c демона отслеживания приемников GPS GPSd, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-05-12
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2025-67268
CRITICAL9.8

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

Published: 2026-01-02Modified: 2026-01-12
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2025-67269
HIGH7.5

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

Published: 2026-01-02Modified: 2026-01-09
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References