CVE-2013-2038
NONE
Published Feb 6, 201412y ago · Modified Jun 16, 20262w ago
Published Feb 6, 2014 12y ago
Last Modified Jun 16, 2026 2w ago
Description
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 10
| Vendor | Product | Version | Range |
|---|---|---|---|
| gpsd_project | gpsd | * | ≤3.8 |
| gpsd_project | gpsd | 3.0 | any |
| gpsd_project | gpsd | 3.1 | any |
| gpsd_project | gpsd | 3.2 | any |
| gpsd_project | gpsd | 3.3 | any |
| gpsd_project | gpsd | 3.4 | any |
| gpsd_project | gpsd | 3.5 | any |
| gpsd_project | gpsd | 3.6 | any |
| gpsd_project | gpsd | 3.7 | any |
| canonical | ubuntu_linux | 12.04 | any |
References 7
- git.savannah.gnu.org http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
- lists.nongnu.org http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
- openwall.com http://openwall.com/lists/oss-security/2013/05/02/20
- openwall.com http://openwall.com/lists/oss-security/2013/05/08/1
- ubuntu.com http://ubuntu.com/usn/usn-1820-1
- osvdb.org http://www.osvdb.org/93000
- osvdb.org http://www.osvdb.org/93001
Remediation
- git.savannah.gnu.org http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50