Security
Security
A vulnerability in gpsd could allow remote code execution.
| Package | sci-geosciences/gpsd on all architectures |
|---|---|
| Affected versions | < 3.18 |
| Unaffected versions | >= 3.18 |
gpsd is a GPS daemon and library for USB/serial GPS devices and GPS/mapping clients.
A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or crafted JSON inputs.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All gpsd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sci-geosciences/gpsd-3.18"
Release date
September 29, 2020
Latest revision
September 29, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries