CVE Request -- gpsd 3.9 fixing a denial of service flaw
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 2 May 2013 05:58:48 -0400 (EDT)
Hello Kurt, Steve, Eric, Miroslav, vendors,
GPSD upstream has released 3.9 version:
correcting one denial of service problem:
A denial of service flaw was found in the way the AIS driver packet parser of
gpsd, a service daemon for mediating access to a GPS, processed certain
malformed packets. A remote attacker could provide a specially-crafted
device input that, when processed, would lead to gpsd's packet parser
crash (gpsd daemon termination).
Candidate upstream patches [*]:
[*] Candidate because upstream #38511 is private currently:
http://savannah.nongnu.org/bugs/?38511 => hard to say
if  is fixing this issue, or the DoS would be caused
by the malformed packet crash / sample, as listed in .
@Eric - Eric, could you please help us to solve this doubt? (which
of the patches is the correct one to fix the above mentioned DoS
/ security issue)
Thanks: Goes to Miroslav Lichvar for bringing this one to my attention.
Kurt, could you allocate a CVE identifier for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team