Unrated severityNVD Advisory· Published Feb 6, 2014· Updated Apr 29, 2026

CVE-2013-2038

Description

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.

Affected products

Gpsd Project/Gpsd9 versions
cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:*range: <=3.8
- cpe:2.3:a:gpsd_project:gpsd:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gpsd_project:gpsd:3.7:*:*:*:*:*:*:*
Canonical/Ubuntu Linux
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000