The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in gpsd Open Source Project. For gpsd, versions 1.0 to 1.3 are affected. For microjson, versions 1.0 to 1.3 are affected. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash. gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability. The NCCIC advises that Platforms which implement stack protector and local variable re-ordering reduce the impact of this vulnerability to availability only. It also recommends a series of mitigating measures for these vulnerabilities. Read the advisory at NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!