Headline
CVE-2023-26555: ntp-4.2.8p15-cves/CVE-2023-26555 at main · spwpun/ntp-4.2.8p15-cves
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
> [Suggested description]
> praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> The NTP Project (R&D)
>
> ------------------------------------------
>
> [Affected Product Code Base]
> ntp - ntp4.2.8p15
>
> ------------------------------------------
>
> [Affected Component]
> ntpd
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker can cause a denial of service by remotely sending malicious data packets to the ntp server.
>
> ------------------------------------------
>
> [Reference]
> https://drive.google.com/drive/folders/1TRNlht66uBpHxOK6RjdkiMQEIwLdAfsN?usp=sharing
>
> ------------------------------------------