PatchSiren

ntpsec CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL ntpsec CVE published 2026-01-02

CVE-2025-67268

CVE-2025-67268 is a critical vulnerability in gpsd, a GPS service daemon, that allows for heap-based out-of-bounds writes. The vulnerability exists in the drivers/driver_nmea2000.c file, specifically in the hnd_129540 function handling NMEA2000 PGN 129540 packets. This function fails to validate user-supplied satellite counts against the size of the skyview array, which has 184 elements. An attacker can e [truncated]