Heap-based Out-of-Bounds Write in gpsd Affects NMEA2000 Driver
CVE-2025-67268
9.8CRITICAL
What is CVE-2025-67268?
A vulnerability exists in gpsd prior to commit dc966aa, where the hnd_129540 function in the NMEA2000 driver fails to adequately validate the user-supplied satellite count against the size of the skyview array, which is limited to 184 elements. An attacker can exploit this flaw by sending a satellite count of up to 255, resulting in an out-of-bounds write that may lead to memory corruption, Denial of Service (DoS), and potentially allow for arbitrary code execution within the affected system.
