gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
References
| Link | Resource |
|---|---|
| https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md | Exploit Third Party Advisory |
| https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c | Product |
| https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4 | Patch |
Configurations
History
12 Jan 2026, 15:33
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:* | |
| First Time |
Gpsd Project
Gpsd Project gpsd |
|
| References | () https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md - Exploit, Third Party Advisory | |
| References | () https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c - Product | |
| References | () https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4 - Patch |
06 Jan 2026, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-122 |
02 Jan 2026, 16:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-02 16:17
Updated : 2026-01-12 15:33
NVD link : CVE-2025-67268
Mitre link : CVE-2025-67268
CVE.ORG link : CVE-2025-67268
JSON object : View
Products Affected
gpsd_project
- gpsd
CWE
CWE-122
Heap-based Buffer Overflow