CVE-2023-43628

2023-12-0512:15:43

CWE-191

talos

web.nvd.nist.gov

cve-2023-43628

gpsd

integer overflow

ntrip stream parsing

memory corruption

remote code execution

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

13.2%

JSON

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

gpsd_projectgpsdMatch3.25.1dev

VendorProductVersionCPE
gpsd_projectgpsd3.25.1cpe:2.3:a:gpsd_project:gpsd:3.25.1:dev:*:*:*:*:*:*

Vendor	Product	Version	CPE
gpsd_project	gpsd	3.25.1	cpe:2.3:a:gpsd_project:gpsd:3.25.1:dev::::::

CNA Affected

[
  {
    "vendor": "GPSd",
    "product": "GPSd",
    "versions": [
      {
        "version": "3.25.1~dev",
        "status": "affected"
      }
    ]
  }
]