Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/68498?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68498?format=api", "vulnerability_id": "VCID-pv58-9n2y-y7ab", "summary": "gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling", "aliases": [ { "alias": "CVE-2025-67268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/97712?format=api", "purl": "pkg:deb/debian/gpsd@3.22-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.22-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97718?format=api", "purl": "pkg:deb/debian/gpsd@3.22-4%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.22-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1023472?format=api", "purl": "pkg:deb/debian/gpsd@3.22-4.1%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.22-4.1%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97710?format=api", "purl": "pkg:deb/debian/gpsd@3.22-4.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.22-4.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97714?format=api", "purl": "pkg:deb/debian/gpsd@3.25-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.25-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/97713?format=api", "purl": "pkg:deb/debian/gpsd@3.27.5-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.27.5-0.1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/532905?format=api", "purl": "pkg:deb/debian/gpsd@2.13-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfb-xp7n-ayf7" }, { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@2.13-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/532906?format=api", "purl": "pkg:deb/debian/gpsd@2.33-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfb-xp7n-ayf7" }, { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@2.33-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/532907?format=api", "purl": "pkg:deb/debian/gpsd@2.33-4etch1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfb-xp7n-ayf7" }, { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@2.33-4etch1" }, { "url": "http://public2.vulnerablecode.io/api/packages/532908?format=api", "purl": "pkg:deb/debian/gpsd@2.37-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfb-xp7n-ayf7" }, { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@2.37-7" }, { "url": "http://public2.vulnerablecode.io/api/packages/532909?format=api", "purl": "pkg:deb/debian/gpsd@2.95-8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfb-xp7n-ayf7" }, { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@2.95-8" }, { "url": "http://public2.vulnerablecode.io/api/packages/532910?format=api", "purl": "pkg:deb/debian/gpsd@3.6-4%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfb-xp7n-ayf7" }, { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.6-4%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/532911?format=api", "purl": "pkg:deb/debian/gpsd@3.9-3~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.9-3~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/648992?format=api", "purl": "pkg:deb/debian/gpsd@3.11-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.11-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/648993?format=api", "purl": "pkg:deb/debian/gpsd@3.16-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.16-1~bpo8%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/648994?format=api", "purl": "pkg:deb/debian/gpsd@3.16-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4v9g-qxw8-d7ct" }, { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.16-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/648995?format=api", "purl": "pkg:deb/debian/gpsd@3.17-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.17-7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1023471?format=api", "purl": "pkg:deb/debian/gpsd@3.22-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gpsd@3.22-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/95368?format=api", "purl": "pkg:rpm/redhat/gpsd@1:3.25-17.el10_0?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pv58-9n2y-y7ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gpsd@1:3.25-17.el10_0%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/95366?format=api", "purl": "pkg:rpm/redhat/gpsd@1:3.26.1-1.el10_1?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gpsd@1:3.26.1-1.el10_1%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/95365?format=api", "purl": "pkg:rpm/redhat/gpsd-minimal@1:3.26.1-1.el9_7?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pv58-9n2y-y7ab" }, { "vulnerability": "VCID-tgfy-9k4r-ufcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gpsd-minimal@1:3.26.1-1.el9_7%3Farch=1" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67268.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67268.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37104", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37169", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37176", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37144", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67268" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124800", "reference_id": "1124800", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124800" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426835", "reference_id": "2426835", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426835" }, { "reference_url": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4", "reference_id": "dc966aa74c075d0a6535811d98628625cbfbe3f4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T16:33:31Z/" } ], "url": "https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4" }, { "reference_url": "https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c", "reference_id": "driver_nmea2000.c", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T16:33:31Z/" } ], "url": "https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c" }, { "reference_url": "https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md", "reference_id": "README.md", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T16:33:31Z/" } ], "url": "https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0770", "reference_id": "RHSA-2026:0770", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0771", "reference_id": "RHSA-2026:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1621", "reference_id": "RHSA-2026:1621", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1621" }, { "reference_url": "https://usn.ubuntu.com/7948-1/", "reference_id": "USN-7948-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7948-1/" } ], "weaknesses": [ { "cwe_id": 1285, "name": "Improper Validation of Specified Index, Position, or Offset in Input", "description": "The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties." } ], "exploits": [], "severity_range_score": "7.5 - 9.8", "exploitability": "0.5", "weighted_severity": "8.8", "risk_score": 4.4, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pv58-9n2y-y7ab" }