{"id":"UBUNTU-CVE-2025-67269","details":"An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer-\u003elength = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer-\u003elength` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.","modified":"2026-02-04T03:37:17.589464Z","published":"2026-01-02T16:17:00Z","related":["USN-7948-1"],"upstream":["CVE-2025-67269"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-67269"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-67269"},{"type":"REPORT","url":"https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7948-1"}],"affected":[{"package":{"name":"gpsd","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gpsd@3.15-2build1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.11-3","3.15-2","3.15-2build1"],"ecosystem_specific":{"binaries":[{"binary_name":"gpsd","binary_version":"3.15-2build1"},{"binary_name":"gpsd-clients","binary_version":"3.15-2build1"},{"binary_name":"libgps-dev","binary_version":"3.15-2build1"},{"binary_name":"libgps22","binary_version":"3.15-2build1"},{"binary_name":"libqgpsmm-dev","binary_version":"3.15-2build1"},{"binary_name":"libqgpsmm22","binary_version":"3.15-2build1"},{"binary_name":"python-gps","binary_version":"3.15-2build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67269.json"}},{"package":{"name":"gpsd","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/gpsd@3.17-5?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.16-4","3.17-3","3.17-5"],"ecosystem_specific":{"binaries":[{"binary_name":"gpsd","binary_version":"3.17-5"},{"binary_name":"gpsd-clients","binary_version":"3.17-5"},{"binary_name":"libgps-dev","binary_version":"3.17-5"},{"binary_name":"libgps23","binary_version":"3.17-5"},{"binary_name":"libqgpsmm-dev","binary_version":"3.17-5"},{"binary_name":"libqgpsmm23","binary_version":"3.17-5"},{"binary_name":"python-gps","binary_version":"3.17-5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67269.json"}},{"package":{"name":"gpsd","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/gpsd@3.20-8ubuntu0.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.17-7","3.19-3","3.20-1","3.20-3","3.20-4","3.20-4build1","3.20-5ubuntu1","3.20-6","3.20-8","3.20-8ubuntu0.1","3.20-8ubuntu0.2","3.20-8ubuntu0.4"],"ecosystem_specific":{"binaries":[{"binary_name":"gpsd","binary_version":"3.20-8ubuntu0.4"},{"binary_name":"gpsd-clients","binary_version":"3.20-8ubuntu0.4"},{"binary_name":"libgps-dev","binary_version":"3.20-8ubuntu0.4"},{"binary_name":"libgps26","binary_version":"3.20-8ubuntu0.4"},{"binary_name":"libqgpsmm-dev","binary_version":"3.20-8ubuntu0.4"},{"binary_name":"libqgpsmm26","binary_version":"3.20-8ubuntu0.4"},{"binary_name":"python3-gps","binary_version":"3.20-8ubuntu0.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67269.json"}},{"package":{"name":"gpsd","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gpsd@3.22-4ubuntu2.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.22-4ubuntu2.1"}]}],"versions":["3.22-4","3.22-4ubuntu1","3.22-4ubuntu2"],"ecosystem_specific":{"binaries":[
{"binary_name":"gpsd","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"gpsd-clients","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"gpsd-tools","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"libgps-dev","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"libgps28","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"libqgpsmm-dev","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"libqgpsmm28","binary_version":"3.22-4ubuntu2.1"},{"binary_name":"python3-gps","binary_version":"3.22-4ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67269.json"}},{"package":{"name":"gpsd","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/gpsd@3.25-3ubuntu3.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.25-3ubuntu3.2"}]}],"versions":["3.25-2ubuntu2","3.25-3ubuntu2","3.25-3ubuntu3","3.25-3ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"gpsd","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"gpsd-clients","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"gpsd-tools","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"libgps-dev","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"libgps30t64","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"libqgpsmm-dev","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"libqgpsmm30t64","binary_version":"3.25-3ubuntu3.2"},{"binary_name":"python3-gps","binary_version":"3.25-3ubuntu3.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67269.json"}},{"package":{"name":"gpsd","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/gpsd@3.25-5ubuntu1.25.10.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.25-5ubuntu1.25.10.1"}]}],"versions":["3.25-5ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"gpsd","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"gpsd-clients","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"gpsd-tools","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"libgps-dev","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"libgps30t64","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"libqgpsmm-dev","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"libqgpsmm30t64","binary_version":"3.25-5ubuntu1.25.10.1"},{"binary_name":"python3-gps","binary_version":"3.25-5ubuntu1.25.10.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67269.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}