CVE-2023-26554
First published: Tue Apr 11 2023(Updated: )
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NTP ntp | =4.2.8-p15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-26554?
The severity of CVE-2023-26554 is medium with a CVSS score of 5.6.
What is the affected software of CVE-2023-26554?
The affected software of CVE-2023-26554 is NTP version 4.2.8-p15.
How can an adversary attack CVE-2023-26554?
An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Is there a fix available for CVE-2023-26554?
Yes, a fix for CVE-2023-26554 is available.
What is the CWE ID of CVE-2023-26554?
The CWE ID of CVE-2023-26554 is CWE-787.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.8-p15