gpsd Stack-Based Buffer Overflow Remote Code Execution Vulnerability

A vulnerability in the gpsd service daemon could allow an unauthenticated, adjacent attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious JSON input to a targeted system through TCP port 2947. A successful exploit could allow the attacker to execute arbitrary code on the system.

The vendor has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-17937

Source: Cisco Multivendor Vulnerability Alerts