Unrated severity · OSV Advisory · Published Jan 2, 2026 · Updated Jan 6, 2026
CVE-2025-67269
Description
An integer underflow vulnerability exists in the nextstate() function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer->length = (size_t)c - 4 without checking if the input byte c is less than 4. This results in an unsigned integer underflow, setting lexer->length to a very large value (near SIZE_MAX). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
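The length handling described above, as an added example: a simplified model that is not gpsd source code and not part of the advisory. The struct, state and function names are hypothetical; only the expression (size_t)c - 4 comes from the description. It puts the unchecked step beside one with a bound check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEN_OVERHEAD 4u  /* the constant subtracted in the advisory's expression */

enum state { GROUND, PAYLOAD, DONE };          /* hypothetical state names */
struct lexer { enum state st; size_t length; };

/* Length-byte step as the description gives it for unfixed versions. */
static void len_step_unchecked(struct lexer *lx, unsigned char c)
{
    lx->length = (size_t)c - LEN_OVERHEAD;     /* wraps toward SIZE_MAX when c < 4 */
    lx->st = PAYLOAD;
}

/* Same step with a bound check: a too-small length byte resets the parser. */
static bool len_step_checked(struct lexer *lx, unsigned char c)
{
    if (c < LEN_OVERHEAD) {
        lx->length = 0;
        lx->st = GROUND;
        return false;
    }
    lx->length = (size_t)c - LEN_OVERHEAD;
    lx->st = PAYLOAD;
    return true;
}

/* Consume up to n payload bytes; returns how many the parser still expects. */
static size_t feed(struct lexer *lx, size_t n)
{
    if (lx->st != PAYLOAD)
        return lx->length;
    lx->length -= (n < lx->length) ? n : lx->length;
    if (lx->length == 0)
        lx->st = DONE;
    return lx->length;
}

int main(void)
{
    struct lexer lx;
    len_step_unchecked(&lx, 2);                /* constructed input: length byte 2 */
    printf("unchecked: expects %zu bytes, %zu left after 1024\n",
           lx.length, feed(&lx, 1024));
    printf("checked accepts 2: %d\n", len_step_checked(&lx, 2));
    return 0;
}
```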
Affected products (8)
- osv-coords, 6 versions: < 1:3.26.1-1.el10_1.1 + 5 more
  - pkg:rpm/almalinux/gpsd
  - pkg:rpm/almalinux/gpsd-clients
  - pkg:rpm/almalinux/gpsd-minimal
  - pkg:rpm/almalinux/gpsd-minimal-clients
  - pkg:rpm/almalinux/python3-gpsd
  - pkg:rpm/opensuse/gpsd&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 1:3.26.1-1.el10_1.1
- (no CPE) range: < 1:3.26.1-1.el10_1.1
- (no CPE) range: < 1:3.26.1-1.el9_7.1
- (no CPE) range: < 1:3.26.1-1.el9_7.1
- (no CPE) range: < 1:3.26.1-1.el10_1.1
- (no CPE) range: < 3.27.3-1.1