CVE-2023-43628: Integer Underflow (Wrap or Wraparound)

December 5, 2023 (updated December 11, 2023)

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.

References

nvd.nist.gov/vuln/detail/CVE-2023-43628
talosintelligence.com/vulnerability_reports/TALOS-2023-1860

Detect and mitigate CVE-2023-43628 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →