2252972 – (CVE-2023-43628) CVE-2023-43628 gpsd: integer overflow

Bug 2252972 (CVE-2023-43628) - CVE-2023-43628 gpsd: integer overflow

Summary: CVE-2023-43628 gpsd: integer overflow

Keywords:
Status:	NEW
Alias:	CVE-2023-43628
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2252973 2252974
Blocks:	2252975
TreeView+	depends on / blocked

Reported:	2023-12-05 14:11 UTC by ybuenos
Modified:	2023-12-19 09:36 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description ybuenos 2023-12-05 14:11:02 UTC

An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1860

Comment 1 ybuenos 2023-12-05 14:11:44 UTC

Created gpsd tracking bugs for this issue:

Affects: epel-all [bug 2252974]
Affects: fedora-all [bug 2252973]

Comment 3 Miroslav Lichvar 2023-12-11 13:19:57 UTC

It seems this issue isn't present in any gpsd release, just the development code. I can reproduce it after commit c1c1c2706c4f5b9bf3be437d0a8f0106ef00c5e7 and it's fixed in commit 3e5c6c28c422102dd453e31912e1e79d1f7ff7f2.

Note You need to log in before you can comment on or make changes to this bug.