Severity: HIGH
Analysis Summary
A stack-based buffer overflow may allow remote attackers to execute arbitrary code on embedded platforms via traffic on port 2947/TCP or crafted JSON inputs. gpsd is found in many mobile embedded systems, such as Android phones, drones, robot submarines, driverless cars, manned aircraft, marine navigation systems, and military vehicles. This may affect the Communication, Defense Industrial Base, Emergency Services, and Transportation Systems sectors, among others.
Impact
Affected Vendors
gpsd Open Source Project
Affected Products
microjson Versions 1.0 to 1.3
gpsd Versions 2.90 to 3.17
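A version check against the ranges listed above, treating gpsd 3.18 and microjson 1.4 (the releases named under Remediation) as the first fixed versions. This is an added example, not code from the gpsd project; the function names are hypothetical, and the `gpsd: 3.17 (revision 3.17)` banner form accepted as input is an assumption about what `gpsd -V` prints.

```shell
#!/bin/sh
# Classify a gpsd or microjson version string against this advisory.
# Added example; ver_key and classify are hypothetical helper names.

# ver_key: extract the first dotted number from the input and turn it into
# a comparable integer (major*1000000 + minor*1000 + patch), or -1 if none.
# Comparing numerically matters: as plain strings "3.9" sorts after "3.17",
# which would wrongly place 3.9 outside the affected range.
ver_key() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' |
        awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3; found = 1 }
                 END { if (!found) print -1 }'
}

# classify <gpsd|microjson> <version-or-banner>
# Prints: affected | fixed | not-listed | unknown
classify() {
    case "$1" in
        gpsd)      lo=$(ver_key 2.90); fix=$(ver_key 3.18) ;;
        microjson) lo=$(ver_key 1.0);  fix=$(ver_key 1.4)  ;;
        *)         echo unknown; return 0 ;;
    esac
    k=$(ver_key "$2")
    if   [ "$k" -lt 0 ];      then echo unknown      # no version found
    elif [ "$k" -ge "$fix" ]; then echo fixed        # at or past the fix
    elif [ "$k" -ge "$lo" ];  then echo affected     # inside listed range
    else                           echo not-listed   # older than the range
    fi
}

# Constructed sample inventory (product|version string), not real hosts.
while IFS='|' read -r product version; do
    printf '%-10s %-28s %s\n' "$product" "$version" \
        "$(classify "$product" "$version")"
done <<'EOF'
gpsd|gpsd: 3.17 (revision 3.17)
gpsd|3.9
gpsd|3.19~dev
gpsd|2.37
microjson|1.3
microjson|1.4
EOF
```

A result of `not-listed` means only that the version is older than the range this advisory names, not that it has been confirmed unaffected.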
Remediation
The gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability. Further mitigation techniques include: