A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Six years. Gartner® Magic Quadrant™ Leader.Find Out Why
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-67269

CVE-2025-67269: gpsd Integer Underflow DoS Vulnerability

CVE-2025-67269 is an integer underflow flaw in gpsd's packet.c that triggers a denial of service through CPU exhaustion. This article covers the technical details, affected versions, impact analysis, and mitigation.

Updated: January 22, 2026

CVE-2025-67269 Overview

An integer underflow vulnerability exists in the nextstate() function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer->length = (size_t)c - 4 without checking if the input byte c is less than 4. This results in an unsigned integer underflow, setting lexer->length to a very large value (near SIZE_MAX). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

Critical Impact

Remote attackers can exploit this integer underflow to cause complete CPU exhaustion and denial of service by sending specially crafted NAVCOM packets to gpsd services.

Affected Products

  • gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7

Discovery Timeline

  • 2026-01-02 - CVE CVE-2025-67269 published to NVD
  • 2026-01-06 - Last updated in NVD database

Technical Details for CVE-2025-67269

Vulnerability Analysis

This vulnerability is classified as CWE-191 (Integer Underflow), which occurs when an arithmetic operation attempts to create a numeric value that is smaller than the minimum value the data type can represent. In the case of unsigned integers, this causes the value to wrap around to a very large number.

The vulnerable code path exists within the NAVCOM packet parsing logic of gpsd's packet state machine. The nextstate() function processes incoming bytes and calculates payload lengths for various GPS protocol packets. When handling NAVCOM protocol data, the code subtracts 4 from the input byte value without first validating that the byte is greater than or equal to 4.

Since lexer->length is of type size_t (an unsigned integer type), subtracting 4 from a value less than 4 causes an integer underflow. For example, if the input byte c has a value of 0, the calculation (size_t)0 - 4 wraps around to approximately 18,446,744,073,709,551,612 on 64-bit systems (or 4,294,967,292 on 32-bit systems).

The consequence of this massive length value is that the parser enters a state expecting to receive an enormous number of bytes before completing packet processing. This creates an infinite-like loop condition that consumes 100% CPU resources, effectively causing a denial of service.

Root Cause

The root cause is a missing bounds check before performing arithmetic on user-controlled input. The vulnerable code performs the subtraction lexer->length = (size_t)c - 4 without validating that the byte value c is at least 4. This violates secure coding practices for unsigned integer arithmetic, where input validation must occur before any subtraction operations that could result in underflow.

Attack Vector

An attacker can exploit this vulnerability remotely over the network by sending a malformed NAVCOM packet to a gpsd service. The attack requires crafting a packet where the length byte field contains a value less than 4. When gpsd receives and parses this packet, the integer underflow triggers, causing the parsing loop to attempt processing of an impossibly large number of bytes.

The attack is particularly concerning because:

  1. It requires no authentication to exploit
  2. It can be triggered with a single malformed packet
  3. The resulting CPU exhaustion persists until the gpsd process is terminated
  4. Systems relying on GPS data (navigation, timing synchronization, fleet management) lose functionality

Proof-of-concept details are available at the GitHub CVE-2025-67269 PoC repository.

Detection Methods for CVE-2025-67269

Indicators of Compromise

  • Abnormal CPU utilization (100%) by gpsd process
  • gpsd service becoming unresponsive to legitimate GPS data requests
  • System logs showing gpsd packet parsing anomalies or timeouts
  • Network traffic containing malformed NAVCOM packets with length bytes less than 4

Detection Strategies

  • Monitor gpsd process CPU usage and alert on sustained high utilization exceeding normal operational thresholds
  • Implement network-level inspection for malformed NAVCOM protocol packets targeting gpsd services
  • Deploy application-level monitoring to detect gpsd service unresponsiveness or timeout conditions
  • Use SentinelOne's behavioral AI detection to identify processes exhibiting denial-of-service patterns such as infinite loops

Monitoring Recommendations

  • Configure resource monitoring alerts for gpsd processes with CPU thresholds appropriate to your environment
  • Implement network flow analysis to detect anomalous traffic patterns to gpsd service ports
  • Enable detailed logging for gpsd services to capture packet parsing errors and anomalies
  • Review system health metrics regularly for signs of resource exhaustion attacks

How to Mitigate CVE-2025-67269

Immediate Actions Required

  • Update gpsd to the patched version containing commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7 or later
  • Implement network segmentation to limit access to gpsd services from untrusted networks
  • Configure firewall rules to restrict gpsd service access to known and trusted GPS data sources only
  • Consider running gpsd with resource limits (cgroups, ulimit) to prevent complete system exhaustion

Patch Information

The vulnerability has been addressed in the GPSD GitLab repository through commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. This commit adds proper bounds checking to validate that the input byte value is at least 4 before performing the subtraction operation.

Organizations should update to the latest gpsd release that includes this fix. The specific patch can be reviewed at the GitLab commit page.

Workarounds

  • Restrict network access to gpsd services using firewall rules to allow connections only from trusted GPS devices and internal systems
  • Deploy gpsd behind a reverse proxy or application gateway that can filter malformed packets
  • Run gpsd in a containerized environment with strict resource limits to contain the impact of exploitation
  • Monitor and automatically restart gpsd processes that exhibit abnormal CPU consumption patterns
bash
# Example: Restrict gpsd access using iptables
# Allow only trusted GPS device IP
iptables -A INPUT -p tcp --dport 2947 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 2947 -j DROP

# Example: Run gpsd with CPU resource limits using systemd
# Add to gpsd.service [Service] section:
# CPUQuota=50%
# MemoryLimit=256M

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechGpsd
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability0.06%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-191
  • Technical References
  • GitHub CVE-2025-67269 PoC
  • GitLab GPSD Repository
  • GitLab GPSD Commit Update
  • Related CVEs
  • CVE-2025-67268: Gpsd NMEA2000 Heap Overflow DoS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English