Kosma Minmea Stack Buffer Overflow Vulnerability
Vulnerability
A stack buffer overflow vulnerability has been identified in Kosma Minmea version 0.3.0. The issue arises in the 'minmea_scan' function, where the format specifier copies NMEA field data to a user-provided buffer without specifying a size limit. This flaw allows for a buffer overflow when the function processes untrusted input, potentially leading to arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack buffer overflow, which can lead to arbitrary code execution.
Reproduction
To reproduce this vulnerability, an application must use the 'minmea_scan' function to parse NMEA sentences from an untrusted source, such as a GPS receiver or a serial line. An attacker can spoof the GPS signal or perform a man-in-the-middle attack on the serial line to inject malicious NMEA sentences that contain overly long fields, causing the application's stack buffer to overflow.
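The flaw class described under Vulnerability and the overly long fields described under Reproduction, shown as an added example in C. This is not Minmea's code and not part of the original advisory. The function names and the 8-byte destination buffer are hypothetical, and the sample sentences in the usage are constructed. It contrasts a field copy that ignores the destination size with one that rejects fields that do not fit, and adds a pre-parse guard an application can run on untrusted sentences.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Length of the field starting at p: it ends at ',', '*', CR/LF or NUL. */
static size_t field_len(const char *p)
{
    return strcspn(p, ",*\r\n");
}

/* Unbounded pattern (the flaw class): the destination size is never
 * consulted, so a long field writes past the end of out. */
void copy_field_unbounded(const char *field, char *out)
{
    size_t n = field_len(field);
    memcpy(out, field, n);   /* no limit: overflows when n >= buffer size */
    out[n] = '\0';
}

/* Bounded pattern: reject the field instead of overflowing or truncating. */
bool copy_field_bounded(const char *field, char *out, size_t out_size)
{
    size_t n = field_len(field);
    if (out_size == 0 || n >= out_size)
        return false;        /* would not fit with the terminating NUL */
    memcpy(out, field, n);
    out[n] = '\0';
    return true;
}

/* Pre-parse guard: true only if every field of the sentence fits in a
 * buffer of max_field bytes (terminating NUL included). */
bool sentence_fields_fit(const char *sentence, size_t max_field)
{
    const char *p = sentence;
    for (;;) {
        size_t n = field_len(p);
        if (n >= max_field)
            return false;
        p += n;
        if (*p != ',')
            return true;     /* '*', CR/LF or end of string: no more fields */
        p++;                 /* skip the comma and check the next field */
    }
}
```

Calling `sentence_fields_fit` with the size of the smallest destination buffer before handing a sentence to the parser drops oversized input at the trust boundary, independent of how the parser copies fields.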
