Skip to main content

kosma minmea CVE-2026-29974

| EUVDEUVD-2026-28786 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-08 mitre GHSA-9p5f-57xg-vg2m
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 19:23 vuln.today
CVSS changed
May 08, 2026 - 19:22 NVD
7.5 (HIGH)
CVE Published
May 08, 2026 - 00:00 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan on untrusted input are vulnerable to a stack buffer overflow.

AnalysisAI

Stack buffer overflow in kosma minmea 0.3.0 allows remote unauthenticated attackers to cause denial of service through crafted NMEA field data. The minmea_scan function's format specifier copies data to caller-provided buffers without size validation, enabling memory corruption when processing untrusted NMEA GPS sentences. CVSS 7.5 (High) with network attack vector and low complexity, though impact is currently limited to availability (DoS). Public exploit demonstration exists via GitHub Gist reference. EPSS data not available, not listed in CISA KEV at time of analysis.

Technical ContextAI

Minmea is a lightweight C library for parsing NMEA 0183 GPS sentences, commonly used in embedded systems and IoT devices for GPS data processing. The vulnerability resides in the minmea_scan function's format specifier implementation (lines 231-240 in minmea.c), which performs unbounded string copies when extracting field data from NMEA sentences. The function uses scanf-style format specifiers without length constraints, violating secure coding practices for C string handling. This is classified as CWE-121 (Stack-based Buffer Overflow), a critical memory safety defect in languages without automatic bounds checking. The affected component processes NMEA protocol data streams - standardized ASCII text messages from GPS/GNSS receivers containing position, time, and navigation information. CPE data shows extremely generic tagging (n/a:n/a), indicating limited vendor/product metadata in NVD at time of publication, consistent with small open-source library cataloging practices.

RemediationAI

Update to minmea version later than 0.3.0 if a patched release is available - verify current version at https://github.com/kosma/minmea/releases and review commit history for buffer overflow fixes. No specific patched version number is confirmed in available CVE references at time of analysis, requiring manual verification with upstream maintainer. If immediate patching is not feasible, implement input validation wrapper functions that enforce maximum field lengths before calling minmea_scan, though this requires source code modification and thorough testing to avoid breaking GPS functionality. Alternative mitigation: restrict NMEA input sources to trusted local GPS hardware only, blocking network-sourced NMEA streams entirely through firewall rules or application-level input filtering - this eliminates remote attack vector (AV:N) but may break legitimate use cases requiring networked GPS data. For systems that must process untrusted NMEA input, consider migrating to alternative NMEA parsing libraries with demonstrated secure string handling (e.g., gpsd's parser, libnmea). Compile applications with stack canaries (gcc -fstack-protector-strong) and ASLR enabled as defense-in-depth measures to detect/mitigate exploitation attempts - note these do not eliminate the vulnerability but increase exploitation difficulty. Review the exploit demonstration at https://gist.github.com/dwilliams27/6d4d8077b970f35e1a921c897ce13852 to understand attack vectors and validate mitigation effectiveness.

Share

CVE-2026-29974 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy