Heap-based Out-of-Bounds Write in gpsd Affects NMEA2000 Driver
CVE-2025-67268

9.8CRITICAL

Key Information:

Vendor

ntpsec

Status
Vendor
CVE Published:
2 January 2026

What is CVE-2025-67268?

A vulnerability exists in gpsd prior to commit dc966aa, where the hnd_129540 function in the NMEA2000 driver fails to adequately validate the user-supplied satellite count against the size of the skyview array, which is limited to 184 elements. An attacker can exploit this flaw by sending a satellite count of up to 255, resulting in an out-of-bounds write that may lead to memory corruption, Denial of Service (DoS), and potentially allow for arbitrary code execution within the affected system.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.