CRITICAL
ntpsec
CVE published 2026-01-02
CVE-2025-67268
CVE-2025-67268 is a critical vulnerability in gpsd, a GPS service daemon, that allows for heap-based out-of-bounds writes. The vulnerability exists in the drivers/driver_nmea2000.c file, specifically in the hnd_129540 function handling NMEA2000 PGN 129540 packets. This function fails to validate user-supplied satellite counts against the size of the skyview array, which has 184 elements. An attacker can e [truncated]