Bug 1129550 (CVE-2018-17937) - VUL-0: CVE-2018-17937: gpsd: stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms
Status: RESOLVED FIXED
Alias: CVE-2018-17937
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Joerg Reuter
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/226173/
Reported: 2019-03-18 09:59 UTC by Karol Babioch
Modified: 2024-06-11 19:15 UTC
Found By: Security Response Team


Description Karol Babioch 2019-03-18 09:59:23 UTC
CVE-2018-17937

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source
project, allow a stack-based buffer overflow, which may allow remote attackers
to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or
crafted JSON inputs.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17937
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01
http://www.securityfocus.com/bid/107029
Comment 1 Karol Babioch 2019-03-18 10:03:07 UTC
Based on versions:

- SUSE:SLE-11-SP1:Update -> 2.37 -> Not affected
- openSUSE:Leap:42.3 -> 3.15 -> Affected
- openSUSE:Factory -> 3.18.1 -> Not affected