CVE-2025-67269 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-67269 at MITRE

Description

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
CVSS detail	CNA (CISA-ADP)
Base Score	7.5
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1255914 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`gpsd >= 3.27.3-1.1` `gpsd-clients >= 3.27.3-1.1` `gpsd-devel >= 3.27.3-1.1` `gpsd-qt6-devel >= 3.27.3-1.1` `libQgpsmm32 >= 3.27.3-1.1` `libgps32 >= 3.27.3-1.1` `python3-gpsd >= 3.27.3-1.1`	Patchnames: openSUSE-Tumbleweed-2026-10008

SUSE Timeline for this CVE

CVE page created: Fri Jan 2 18:00:08 2026
CVE page last modified: Wed Jan 7 13:00:23 2026