The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in gpsd Open Source Project. For gpsd, versions 1.0 to 1.3 are affected. For microjson, versions 1.0 to 1.3 are affected. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash. gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability. The NCCIC advises that Platforms which implement stack protector and local variable re-ordering reduce the impact of this vulnerability to availability only. It also recommends a series of mitigating measures for these vulnerabilities. Read the advisory at NCCIC/ICS-CERT.
You are here
Related Resources
Dec 12, 2024 in Cybersecurity, in Federal & State Resources, in Security Preparedness
Dec 12, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Dec 12, 2024 in Cybersecurity, in OT-ICS Security, in Federal & State Resources
