ICSA-18-310-01
·
Published 2019-02-14
·
View on CISA ICS-CERT ↗
gpsd Open Source Project
CVSS 8.3
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash.
CVEs (1)
Remediations
- Platforms which implement stack protector and local variable re-ordering reduce the impact of this vulnerability to availability only.
- gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability.http://download-mirror.savannah.gnu.org/releases/gpsd/http://www.catb.org/esr/microjson/
- For more information visit the gpsd website:http://www.catb.org/gpsd/
Affected Vendors
gpsd Open Source Project
Affected Products (2)
gpsd Open Source Project
·
microjson
>= 1.0 | <= 1.3
gpsd Open Source Project
·
gpsd
>= 2.90 | <= 3.17
Affected Sectors
Communications, Defense Industrial Base, Emergency Services, Transportation Systems, and other sectors
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more