mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
Link | Resource |
---|---|
https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553 | Third Party Advisory |
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321 | Third Party Advisory |
Configurations
History
20 Apr 2023, 14:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.6 |
First Time |
Ntp ntp
Ntp |
|
CWE | CWE-787 | |
References | (MISC) https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553 - Third Party Advisory | |
References | (MISC) https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321 - Third Party Advisory | |
CPE | cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:* |
13 Apr 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. |
11 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26553
Mitre link : CVE-2023-26553
CVE.ORG link : CVE-2023-26553
JSON object : View
Products Affected
ntp
- ntp
CWE
CWE-787
Out-of-bounds Write