Candidate: CVE-2018-17937
PublicDate: 2019-03-13 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17937
 https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01
Description:
 gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open
 source project, allow a stack-based buffer overflow, which may allow
 remote attackers to execute arbitrary code on embedded platforms via
 traffic on Port 2947/TCP or crafted JSON inputs.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_gpsd:
 upstream: https://gitlab.com/gpsd/gpsd/commit/7646cbd04055a50b157312ba6b376e88bd398c19
upstream_gpsd: released (3.17-6)
precise/esm_gpsd: DNE
trusty_gpsd: ignored (reached end-of-life)
trusty/esm_gpsd: DNE (trusty was needed)
xenial_gpsd: ignored (end of standard support, was needed)
bionic_gpsd: needed
cosmic_gpsd: ignored (reached end-of-life)
disco_gpsd: ignored (reached end-of-life)
eoan_gpsd: not-affected (3.17-6)
focal_gpsd: not-affected (3.17-6)
groovy_gpsd: not-affected (3.17-6)
hirsute_gpsd: not-affected (3.17-6)
impish_gpsd: not-affected (3.17-6)
jammy_gpsd: not-affected (3.17-6)
devel_gpsd: not-affected (3.17-6)