CVE-2013-2038 - Vulnerability Details - OpenCVE

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Gpsd Project	Gpsd

Configuration 1 [-]

OR	cpe:2.3:a:gpsd_project:gpsd::::::::
	cpe:2.3:a:gpsd_project:gpsd:3.0:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.1:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.2:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.3:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.4:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.5:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.6:::::::*
	cpe:2.3:a:gpsd_project:gpsd:3.7:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*

No data.

References

Link	Providers
http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
http://openwall.com/lists/oss-security/2013/05/02/20
http://openwall.com/lists/oss-security/2013/05/08/1
http://ubuntu.com/usn/usn-1820-1
http://www.osvdb.org/93000
http://www.osvdb.org/93001

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-06T16:00:00

Updated: 2024-08-06T15:20:37.398Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2038

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-06T17:00:04.400

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-2038

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-06T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"}, {"name": "93000", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/93000"}, {"name": "USN-1820-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1820-1"}, {"name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/05/08/1"}, {"name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/05/02/20"}, {"name": "[gpsd-dev] 20130501 3.9 is released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"}, {"name": "93001", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/93001"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"}, {"name": "93000", "refsource": "OSVDB", "url": "http://www.osvdb.org/93000"}, {"name": "USN-1820-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1820-1"}, {"name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/05/08/1"}, {"name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/05/02/20"}, {"name": "[gpsd-dev] 20130501 3.9 is released", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"}, {"name": "93001", "refsource": "OSVDB", "url": "http://www.osvdb.org/93001"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.398Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"}, {"name": "93000", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/93000"}, {"name": "USN-1820-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1820-1"}, {"name": "[oss-security] 20130507 Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/05/08/1"}, {"name": "[oss-security] 20130502 Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/05/02/20"}, {"name": "[gpsd-dev] 20130501 3.9 is released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"}, {"name": "93001", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/93001"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2038", "datePublished": "2014-02-06T16:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.398Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gpsd_project:gpsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F5DD4A1-8EF3-488D-A04D-615D6DF53E54", "versionEndIncluding": "3.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "66F36D69-5134-4168-96EA-6698647F21D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "14F30C7C-E01D-4D61-9432-9031C057B64D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "16B94CE5-9222-4071-972C-84058398BE57", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B92FDFB0-E9EA-48D7-AEE9-040722B82B1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF0E6F4C-FAE2-4F44-A22E-138C32CD8A0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "50D3393F-1938-455E-ABC6-83A31B83A975", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E0FC04C-6F21-40FE-AA76-AE2C58DE4161", "vulnerable": true}, {"criteria": "cpe:2.3:a:gpsd_project:gpsd:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8825DE5-C031-4946-AA25-5AF410E640D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability."}, {"lang": "es", "value": "El driver NMEA0183 en gpsd anterior a 3.9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (finalizaci\u00f3n del demonio) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete GPS con una secuencia interpretada $GPGGA malformada que carece de ciertos campos y de terminador. NOTA: un problema a parte en el driver AIS se ha reportado tambi\u00e9n, pero podr\u00eda no ser una vulnerabilidad."}], "id": "CVE-2013-2038", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-06T17:00:04.400", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"}, {"source": "secalert@redhat.com", "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/05/02/20"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/05/08/1"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1820-1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/93000"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/93001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2013/05/02/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2013/05/08/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1820-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93001"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}