cvedb.io
CVE-2025-67269
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-02T16:17:01.100 · Last modified 2026-06-30T03:16:57.827

Summary

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

Affected products

gpsd_project — gpsd

Does this affect you?

Add your gear to cvedb and we'll alert you only when gpsd_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.