Debian dla-4441 : gpsd - security update

critical Nessus Plugin ID 291321

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4441 advisory.

[email protected]
Subject: [SECURITY] [DLA 4441-1] gpsd security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4441-1
[email protected]
https://www.debian.org/lts/security/
Bastien Roucaris
January 19, 2026
https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : gpsd
Version : 3.22-4+deb11u1
CVE ID : CVE-2025-67268 CVE-2025-67269
Debian Bug : 1124799 1124800

Multiple vulnerabilities were fixed in gpsd, a service daemon that monitors one or more GNSS (GPS) or AIS receivers attached to a host computer through serial or USB ports.

CVE-2025-67268

gpsd contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file.
The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

CVE-2025-67269

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c`.
When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

For Debian 11 bullseye, these problems have been fixed in version 3.22-4+deb11u1.

We recommend that you upgrade your gpsd packages.

For the detailed security status of gpsd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gpsd

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
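
The two bug classes described in the advisory, shown with the missing checks in place. This is an added example, not gpsd's code and not part of the Debian advisory or the Nessus plugin. The packet layout (one count byte followed by one-byte records), `struct sat`, and all function names are hypothetical; only the 184-element array size and the `(size_t)c - 4` expression come from the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_MAX 184 /* skyview array size given in the advisory */
#define LEN_OVERHEAD 4  /* constant subtracted from the length byte */

struct sat { uint8_t id; }; /* hypothetical one-byte satellite record */

/* CVE-2025-67269 pattern: unsigned subtraction without a lower bound. */
size_t payload_len_unchecked(unsigned char c)
{
    return (size_t)c - LEN_OVERHEAD; /* c < 4 wraps to near SIZE_MAX */
}

/* Checked form: reject a length byte smaller than the overhead. */
bool payload_len_checked(unsigned char c, size_t *out)
{
    if (c < LEN_OVERHEAD)
        return false;
    *out = (size_t)c - LEN_OVERHEAD;
    return true;
}

/* CVE-2025-67268 pattern with the missing check added: the count byte is
 * validated against the array size and the bytes actually received.
 * Returns the number of records stored, or -1 if the packet is rejected. */
int store_sats(struct sat skyview[SKYVIEW_MAX], const uint8_t *pkt, size_t len)
{
    if (len < 1)
        return -1;
    size_t count = pkt[0];
    if (count > SKYVIEW_MAX || count > len - 1)
        return -1;
    for (size_t i = 0; i < count; i++)
        skyview[i].id = pkt[1 + i];
    return (int)count;
}

int main(void)
{
    struct sat sky[SKYVIEW_MAX];
    uint8_t pkt[256] = { 255 }; /* constructed packet claiming 255 records */
    size_t n = 0;
    printf("unchecked(3) = %zu\n", payload_len_unchecked(3));
    printf("checked(3) accepted: %d\n", payload_len_checked(3, &n));
    printf("store_sats(count=255) = %d\n", store_sats(sky, pkt, sizeof pkt));
    return 0;
}
```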

Solution

Upgrade the gpsd packages.

See Also

https://security-tracker.debian.org/tracker/source-package/gpsd

https://security-tracker.debian.org/tracker/CVE-2025-67268

https://security-tracker.debian.org/tracker/CVE-2025-67269

https://packages.debian.org/source/bullseye/gpsd

Plugin Details

Severity: Critical

ID: 291321

File Name: debian_DLA-4441.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/19/2026

Updated: 1/19/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-67268

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:gpsd, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libgps28, p-cpe:/a:debian:debian_linux:libgps-dev, p-cpe:/a:debian:debian_linux:libqgpsmm-dev, p-cpe:/a:debian:debian_linux:libqgpsmm28, p-cpe:/a:debian:debian_linux:python3-gps, p-cpe:/a:debian:debian_linux:gpsd-clients, p-cpe:/a:debian:debian_linux:gpsd-tools

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/19/2026

Vulnerability Publication Date: 1/2/2026

Reference Information

CVE: CVE-2025-67268, CVE-2025-67269

IAVA: 2026-A-0033