CVE-2025-67269 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-67269 Interim 1 1 2026-03-05T00:26:10Z current 2026-03-05T00:26:10Z 2026-03-05T00:26:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-67269 An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed gpsd-3.27.3-1.1 gpsd-clients-3.27.3-1.1 gpsd-devel-3.27.3-1.1 gpsd-qt6-devel-3.27.3-1.1 libQgpsmm32-3.27.3-1.1 libgps32-3.27.3-1.1 python3-gpsd-3.27.3-1.1 gpsd-3.27.3-1.1 as a component of openSUSE Tumbleweed gpsd-clients-3.27.3-1.1 as a component of openSUSE Tumbleweed gpsd-devel-3.27.3-1.1 as a component of openSUSE Tumbleweed gpsd-qt6-devel-3.27.3-1.1 as a component of openSUSE Tumbleweed libQgpsmm32-3.27.3-1.1 as a component of openSUSE Tumbleweed libgps32-3.27.3-1.1 as a component of openSUSE Tumbleweed python3-gpsd-3.27.3-1.1 as a component of openSUSE Tumbleweed An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. CVE-2025-67269 openSUSE Tumbleweed:gpsd-3.27.3-1.1 openSUSE Tumbleweed:gpsd-clients-3.27.3-1.1 openSUSE Tumbleweed:gpsd-devel-3.27.3-1.1 openSUSE Tumbleweed:gpsd-qt6-devel-3.27.3-1.1 openSUSE Tumbleweed:libQgpsmm32-3.27.3-1.1 openSUSE Tumbleweed:libgps32-3.27.3-1.1 openSUSE Tumbleweed:python3-gpsd-3.27.3-1.1 important