A stack-based buﬀer overﬂow may allow remote attackers to execute arbitrary code on embedded platforms via traﬃc on Port 2947/TCP or crafted JSON inputs. The gpsd can be found in many mobile embedded systems such as Android phones, drones, robot submarines, driverless cars, manned aircraft, marine navigation systems, and military vehicles. This may aﬀect the industries of Communication, Defense Industrial Base, Emergency Services, Transportation Systems, and other sectors.
gpsd Open Source Project
microjson Versions 1.0 to 1.3
gpsd Versions 2.90 to 3.17
The gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability. Further mitigation techniques include: