Medium severity5.6NVD Advisory· Published Apr 11, 2023· Updated Jun 17, 2026
CVE-2023-26552
CVE-2023-26552
Description
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:rpm/opensuse/ntp&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.2.8p15-150000.4.22.1+ 3 more
- (no CPE)range: < 4.2.8p15-150000.4.22.1
- (no CPE)range: < 4.2.8p15-150000.4.22.1
- (no CPE)range: < 4.2.8p15-100.1
- (no CPE)range: < 4.2.8p15-100.1
Patches
Vulnerability mechanics
References
2- github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552nvdThird Party Advisory
- github.com/spwpun/ntp-4.2.8p15-cves/issues/1nvdThird Party Advisory
News mentions
0No linked articles in our index yet.