CVE-2023-26555
MEDIUM EPSS 40.3%
Published Apr 11, 20233y ago · Modified Jun 17, 20262w ago
6.4 CVSS 3.1
Published Apr 11, 2023 3y ago
Last Modified Jun 17, 2026 2w ago
Description
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Physical
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
40.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| ntp | ntp | 4.2.8 | any |
References 4
- github.com https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
- github.com https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.