CVE-2023-26555

MEDIUM EPSS 40.3%
Published Apr 11, 20233y ago · Modified Jun 17, 20262w ago
6.4 CVSS 3.1
Medium
Find Similar
Published Apr 11, 2023 3y ago
Last Modified Jun 17, 2026 2w ago

Description

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.

CVSS Details

Base Score
6.4
Exploitability
0.5
Impact
5.9
Vector string
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Physical
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
40.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

VendorProductVersionRange
ntpntp4.2.8any

References 4

  • github.com https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
    Third Party Advisory
  • github.com https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409
    Issue Tracking
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.