Ntp

Ntp

99 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2023-26555

  • EPSS 0.47%
  • Published 11.04.2023 21:15:21
  • Last modified 11.02.2025 21:15:11

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.

5.6

CVE-2023-26554

  • EPSS 0.16%
  • Published 11.04.2023 21:15:21
  • Last modified 11.02.2025 16:15:36

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

5.6

CVE-2023-26553

  • EPSS 0.34%
  • Published 11.04.2023 21:15:21
  • Last modified 11.02.2025 16:15:35

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

5.6

CVE-2023-26552

  • EPSS 0.13%
  • Published 11.04.2023 21:15:21
  • Last modified 11.02.2025 16:15:35

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

5.6

CVE-2023-26551

  • EPSS 0.16%
  • Published 11.04.2023 21:15:21
  • Last modified 11.02.2025 16:15:35

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

4.9

CVE-2020-15025

  • EPSS 1.89%
  • Published 24.06.2020 19:15:10
  • Last modified 21.11.2024 05:04:38

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC alg...

7.4

CVE-2020-13817

  • EPSS 0.38%
  • Published 04.06.2020 13:15:11
  • Last modified 05.05.2025 17:15:59

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated ...

5.3

CVE-2018-8956

  • EPSS 1.31%
  • Published 06.05.2020 19:15:12
  • Last modified 21.11.2024 04:14:40

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same b...

7.5

CVE-2020-11868

  • EPSS 0.9%
  • Published 17.04.2020 04:15:10
  • Last modified 05.05.2025 17:15:57

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a vali...

6.5

CVE-2015-7851

Exploit
  • EPSS 0.41%
  • Published 28.01.2020 17:15:12
  • Last modified 21.11.2024 02:37:31

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to ov...