CVE-2023-26555
First published: Tue Apr 11 2023(Updated: )
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NTP ntp | =4.2.8-p15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
- https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/
Frequently Asked Questions
What is the severity of CVE-2023-26555?
The severity of CVE-2023-26555 is medium.
What is the affected software of CVE-2023-26555?
The affected software of CVE-2023-26555 is NTP 4.2.8p15.
How can CVE-2023-26555 be exploited?
Exploiting CVE-2023-26555 would require a complex attack method, such as manipulating a GPS receiver.
How can I fix CVE-2023-26555?
There is no available fix for CVE-2023-26555 at the moment. It is recommended to follow any updates or patches provided by the vendor.
Where can I find more information about CVE-2023-26555?
You can find more information about CVE-2023-26555 on the following references: [Link 1](https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555), [Link 2](https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409), [Link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/)
- collector/nvd-index
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.8-p15