U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2023-26555

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.

Published: April 11, 2023; 5:15:21 PM -0400
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2023-26554

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Published: April 11, 2023; 5:15:21 PM -0400
V3.1: 5.6 MEDIUM
V2.0:(not available)
CVE-2023-26553

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Published: April 11, 2023; 5:15:21 PM -0400
V3.1: 5.6 MEDIUM
V2.0:(not available)
CVE-2023-26552

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Published: April 11, 2023; 5:15:21 PM -0400
V3.1: 5.6 MEDIUM
V2.0:(not available)
CVE-2023-26551

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Published: April 11, 2023; 5:15:21 PM -0400
V3.1: 5.6 MEDIUM
V2.0:(not available)
CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Published: January 30, 2017; 4:59:00 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM