CVE-2013-2038
Published: 2 May 2013
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
Priority
Status
Package | Release | Status |
---|---|---|
gpsd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Released
(3.4-2ubuntu0.1)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(3.9-2)
|
|
trusty |
Does not exist
(trusty was not-affected [3.9-3])
|
|
upstream |
Released
(3.9)
|
|
Patches: upstream: http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50 upstream: http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f |