CVE-2023-26553

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 5.6

EPSS Низкий

Описание

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Ссылки

https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553
Third Party Advisory
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
Third Party Advisory
https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553
Third Party Advisory
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00429

Низкий

5.6 Medium

CVSS3

Дефекты

CWE-787

Связанные уязвимости

CVE-2023-26553

CVSS3: 5.6

ubuntu

почти 3 года назад

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

CVE-2023-26553

CVSS3: 5.6

redhat

почти 3 года назад

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

CVE-2023-26553

CVSS3: 5.6

debian

почти 3 года назад

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...

GHSA-3j84-rjwj-29h2

CVSS3: 5.6

github

почти 3 года назад

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number.

BDU:2023-02658

CVSS3: 5.6

fstec

почти 3 года назад

Уязвимость функции mstolfp() (libntp/mstolfp.c) программы мониторинга операций ntpq реализации протокола синхронизации времени NTP, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 62%

0.00429

Низкий

5.6 Medium

CVSS3

Дефекты

CWE-787