CVE-2023-26552
First published: Tue Apr 11 2023(Updated: )
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NTP ntp | =4.2.8-p15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-26552?
CVE-2023-26552 is a vulnerability in NTP 4.2.8p15 that allows an out-of-bounds write when adding a decimal point.
What is the severity of CVE-2023-26552?
The severity of CVE-2023-26552 is medium with a CVSS score of 5.6.
How can an adversary exploit CVE-2023-26552?
An adversary can potentially attack a client ntpq process, but cannot attack ntpd.
What is the affected software?
The affected software is NTP 4.2.8p15.
Is there a fix available for CVE-2023-26552?
Yes, you can check the referenced link for more information on fixing CVE-2023-26552.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.8-p15