A vulnerability in the gpsd service daemon could allow an unauthenticated, adjacent attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient validation of user-suppled input by the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious JSON input to a targeted system through TCP Port 2947. A successful exploit could allow the attacker to execute arbitrary code on the system.
The vendor has confirmed the vulnerability and released software updates.
Security Impact Rating: High