CVE-2025-67268

Published: Jan 2, 2026

Modified: Jan 6, 2026

PUBLISHED

Description

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4

https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c

https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67268

Description

Affected Products

References