CVE-2023-26552: ntp-4.2.8p15-cves/CVE-2023-26552 at main · spwpun/ntp-4.2.8p15-cves

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.


> [Suggested description]
> mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.
>
> ------------------------------------------
>
> [Additional Information]
> There is a buffer overflow error in mstolfp.c:70
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> The NTP Project (R&D)
>
> ------------------------------------------
>
> [Affected Product Code Base]
> ntp - ntp4.2.8p15
>
> ------------------------------------------
>
> [Affected Component]
> libntp, mstolfp
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> mstolfp.o belongs to the libntp component. As an upstream library, the libntp component can affect many other components, such as ntpd. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server.
>
> ------------------------------------------
>
> [Reference]
> https://drive.google.com/drive/folders/1vw_Ls_0hQGNx_K5etxUTUDZ4GlAxMByX?usp=sharing
>
> ------------------------------------------
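
An added illustration of the bug class named in the description (an out-of-bounds write when a decimal point is added to a number held in a fixed buffer); it is not code from NTP or from the linked repository. The helper `ms_to_sec_str`, its interface and the three-place shift from milliseconds to seconds are assumptions made for the example. It sizes the output by counting the inserted bytes as well as the copied digits, and refuses input that does not fit.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (assumption, not NTP's mstolfp): rewrite a decimal
 * string given in milliseconds as seconds by moving the decimal point three
 * places left, e.g. "1234.5" -> "1.2345", "-7" -> "-0.007".
 * Returns 0 on success, -1 if the input is malformed or the result,
 * including its terminating NUL, does not fit in out[outlen]. */
int ms_to_sec_str(const char *in, char *out, size_t outlen)
{
    const char *ip, *fp = NULL;
    size_t neg = 0, ndig, nfrac = 0, ilen, pad, need;
    char *o = out;

    while (isspace((unsigned char)*in)) in++;
    if (*in == '-') { neg = 1; in++; }
    ip = in;                                  /* start of integer digits */
    while (isdigit((unsigned char)*in)) in++;
    ndig = (size_t)(in - ip);
    if (*in == '.') {
        fp = ++in;                            /* start of fraction digits */
        while (isdigit((unsigned char)*in)) in++;
        nfrac = (size_t)(in - fp);
    }
    while (isspace((unsigned char)*in)) in++;
    if (ndig == 0 || *in != '\0')
        return -1;                            /* malformed input */

    ilen = ndig > 3 ? ndig - 3 : 0;           /* digits left of the moved point */
    pad  = ndig < 3 ? 3 - ndig : 0;           /* zeros needed right of the point */
    /* Count every byte that will be written, including the ones that are
     * inserted rather than copied: sign, leading '0', '.', padding, NUL. */
    need = neg + (ilen ? ilen : 1) + 1 + pad + (ndig - ilen) + nfrac + 1;
    if (need > outlen)
        return -1;                            /* refuse instead of truncating */

    if (neg) *o++ = '-';
    if (ilen) { memcpy(o, ip, ilen); o += ilen; } else *o++ = '0';
    *o++ = '.';
    memset(o, '0', pad); o += pad;
    memcpy(o, ip + ilen, ndig - ilen); o += ndig - ilen;
    if (nfrac) { memcpy(o, fp, nfrac); o += nfrac; }
    *o = '\0';
    return 0;
}
```

The case worth noting is an input whose digits alone would fit the buffer but whose output, one byte longer because of the added point, would not: the function returns -1 rather than writing past the end.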
