Unrated severityNVD Advisory· Published Apr 11, 2023· Updated Feb 11, 2025

CVE-2023-26552

Description

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Affected products

Ntp/Ntpcpe-rescue
osv-coords4 versions
pkg:rpm/opensuse/ntp&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.2.8p15-150000.4.22.1+ 3 more
- (no CPE)range: < 4.2.8p15-150000.4.22.1
- (no CPE)range: < 4.2.8p15-150000.4.22.1
- (no CPE)range: < 4.2.8p15-100.1
- (no CPE)range: < 4.2.8p15-100.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000