mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
Link | Resource |
---|---|
https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552 | Third Party Advisory |
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2023-04-11 21:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-26552
Mitre link : CVE-2023-26552
CVE.ORG link : CVE-2023-26552
JSON object : View
Products Affected
ntp
- ntp
CWE
CWE-787
Out-of-bounds Write