Bug 2252972 (CVE-2023-43628)

Summary: CVE-2023-43628 gpsd: integer overflow
Product: [Other] Security Response Reporter: ybuenos
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mlichvar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An integer overflow vulnerability was found in gpsd. A specially crafted network packet can lead to an integer overflow and cause memory corruption.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2252973, 2252974    
Bug Blocks: 2252975    

Description ybuenos 2023-12-05 14:11:02 UTC 
An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1860
Comment 1 ybuenos 2023-12-05 14:11:44 UTC 
Created gpsd tracking bugs for this issue:

Affects: epel-all [bug 2252974]
Affects: fedora-all [bug 2252973]
Comment 3 Miroslav Lichvar 2023-12-11 13:19:57 UTC 
It seems this issue isn't present in any gpsd release, just the development code. I can reproduce it after commit c1c1c2706c4f5b9bf3be437d0a8f0106ef00c5e7 and it's fixed in commit 3e5c6c28c422102dd453e31912e1e79d1f7ff7f2.