CVE-2013-2038
Published 2014-02-06
CVE-2013-2038: The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS…
Priority P429 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 4.15% (89.6th percentile)
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | gpsd | < gpsd 3.6-5 (bookworm) | gpsd 3.6-5 (bookworm) |
| gpsd_project | gpsd | <= 3.8 | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | — | — |
| gpsd_project | gpsd | >= 0 < 3.6-5 | 3.6-5 |
| gpsd_project | gpsd | >= 0 < 3.6-5 | 3.6-5 |
| gpsd_project | gpsd | >= 0 < 3.6-5 | 3.6-5 |
| gpsd_project | gpsd | >= 0 < 3.6-5 | 3.6-5 |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 MEDIUM
vendor_debian · 4.3 MEDIUM
Ubuntu
gpsd vulnerability
vendor_ubuntu·2013-05-08
CVE-2013-2038 gpsd vulnerability
Title: gpsd vulnerability
Summary: gpsd could be made to crash or possibly run programs if it received
specially crafted input.
It was discovered that gpsd incorrectly handled certain malformed GPS data.
An attacker could use this issue to cause gpsd to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2013-2038: gpsd - The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial...
vendor_debian·2013·CVSS 4.3
CVE-2013-2038 [MEDIUM] CVE-2013-2038: gpsd - The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial...
Scope: local
bookworm: resolved (fixed in 3.6-5)
bullseye: resolved (fixed in 3.6-5)
forky: resolved (fixed in 3.6-5)
sid: resolved (fixed in 3.6-5)
trixie: resolved (fixed in 3.6-5)
GHSA
GHSA-ph76-84x2-r5q2: The NMEA0183 driver in gpsd before 3
ghsa_unreviewed·2022-05-17
CVE-2013-2038 [MEDIUM] CWE-20 GHSA-ph76-84x2-r5q2: The NMEA0183 driver in gpsd before 3
OSV
CVE-2013-2038: The NMEA0183 driver in gpsd before 3
osv·2014-02-06·CVSS 4.3
CVE-2013-2038 [MEDIUM] CVE-2013-2038: The NMEA0183 driver in gpsd before 3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
http://openwall.com/lists/oss-security/2013/05/02/20
http://openwall.com/lists/oss-security/2013/05/08/1
http://ubuntu.com/usn/usn-1820-1
http://www.osvdb.org/93000
http://www.osvdb.org/93001
Published: 2014-02-06