CVE-2025-67268Gpsd_project · Gpsd
Vulnerability data via NVD (ingested)
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2025-67268product:"Gpsd Project Gpsd"http.html:"Gpsd"More intel sources (5)
vuln:CVE-2025-67268vulnerabilities.cve_id: CVE-2025-67268CVE-2025-67268CVE-2025-67268"CVE-2025-67268" exploit -site:nvd.nist.gov