Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
gpsd 安全漏洞
Vulnerability Description
gpsd是一款用于接收GPS数据的守护程序。 gpsd存在安全漏洞,该漏洞源于nextstate函数中存在整数下溢,可能导致CPU利用率达到100%和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A