vulnerability
Oracle Linux: CVE-2025-67269: ELSA-2026-0770: gpsd security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jan 2, 2026 | Jan 20, 2026 | Jan 21, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jan 2, 2026
Added
Jan 20, 2026
Modified
Jan 21, 2026
Description
A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU utilization, resulting in a Denial of Service (DoS) condition where the system becomes unresponsive.
Solutions
oracle-linux-upgrade-gpsdoracle-linux-upgrade-gpsd-clientsoracle-linux-upgrade-gpsd-minimaloracle-linux-upgrade-gpsd-minimal-clientsoracle-linux-upgrade-python3-gpsd
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.