CVE-2013-2038

NONE
Published Feb 6, 201412y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 6, 2014 12y ago
Last Modified Jun 16, 2026 2w ago

Description

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 10

VendorProductVersionRange
gpsd_projectgpsd* ≤3.8
gpsd_projectgpsd3.0any
gpsd_projectgpsd3.1any
gpsd_projectgpsd3.2any
gpsd_projectgpsd3.3any
gpsd_projectgpsd3.4any
gpsd_projectgpsd3.5any
gpsd_projectgpsd3.6any
gpsd_projectgpsd3.7any
canonicalubuntu_linux12.04any

References 7

  • git.savannah.gnu.org http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
    ExploitPatch
  • lists.nongnu.org http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
  • openwall.com http://openwall.com/lists/oss-security/2013/05/02/20
  • openwall.com http://openwall.com/lists/oss-security/2013/05/08/1
  • ubuntu.com http://ubuntu.com/usn/usn-1820-1
  • osvdb.org http://www.osvdb.org/93000
  • osvdb.org http://www.osvdb.org/93001

Remediation

  • git.savannah.gnu.org http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
    ExploitPatch