A stack-based buffer overflow flaw was found in gpsd versions 2.90 to 3.17. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash. Upstream patch: https://git.savannah.gnu.org/cgit/gpsd.git/commit/json.c?id=7646cbd04055a50b157312ba6b376e88bd398c19 References: https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01
gpsd-3.17-6.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
This was assigned CVE-2018-17937.
gpsd-3.17-6.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.