CVE-2013-2038
EPSS 2.0%
Description
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
How to fix CVE-2013-2038
To remediate CVE-2013-2038, upgrade the affected package to a fixed version below.
- Debian/gpsd—upgrade to 3.6-5 or later
Is CVE-2013-2038 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.6-5