CVE-2013-2038

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Input Validation Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 06/02/14 - Updated on 07/02/14

Description

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2013-2038
Ubuntu USN-1820-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
gpsd_projectgpsd

Share this vulnerability with:

Twitter Facebook LinkedIn Mail