Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-13
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
| Products | Debian_linux, Gpsd, Microjson |
| Type | Stack-based Buffer Overflow (CWE-121) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/202009-17
• https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html • https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html • https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01 • http://www.securityfocus.com/bid/107029 |