CVE-2013-2038

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.0:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.1:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.2:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.3:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.4:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.5:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.6:*:*:*:*:*:*:*
cpe:2.3:a:gpsd_project:gpsd:3.7:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

History

No history.

Information

Published : 2014-02-06 17:00

Updated : 2024-02-04 18:35


NVD link : CVE-2013-2038

Mitre link : CVE-2013-2038

CVE.ORG link : CVE-2013-2038


JSON object : View

Products Affected

gpsd_project

  • gpsd

canonical

  • ubuntu_linux
CWE
CWE-20

Improper Input Validation