44 matches found
CVE-2023-26554
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26551
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26554
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
NTP 缓冲区错误漏洞
NTP is a network time protocol from nwtime open source. A security vulnerability exists in NTP version 4.2.8p15, which stems from an out-of-bounds write when adding a decimal point to mstolfp in libntp/mstolfp.c. The vulnerability is caused by the use of an out-of-bounds write when adding a decim...
CVE-2023-26553
CVE-2023-26553 corresponds to an out-of-bounds write in mstolfp.c of libntp (NTP 4.2.8p15). Affected software copies the trailing number in a faulty way, enabling an attacker to potentially compromise a client ntpq process; ntpd is not affected per the sources. Connected documents corroborate the...
CVE-2023-26552
CVE-2023-26552 affects NTP 4.2.8p15 where mstolfp.c can trigger an out-of-bounds write when adding a decimal point. The advisory notes that an attacker could potentially target a client ntpq process but cannot compromise ntpd. Several connected sources (IBM IBM i/security bulletins and Brocade/AS...
CVE-2023-26554
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
PT-2023-2769 · Ntp +4 · Ntp +4
Name of the Vulnerable Software and Affected Versions: NTP versions 4.2.8p15 Description: The issue is related to an out-of-bounds write in the mstolfp function in libntp/mstolfp.c when adding a '0' character. This can be exploited by a remote attacker to potentially execute arbitrary code by...
K43205719: NTP input validation vulnerability CVE-2016-1550
Security Advisory Description An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550...
SUSE CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
Information Disclosure
ntp is vulnerable to information disclosure. The vulnerability exists as the message digest key is retrievable from the flaw of the message authentication functionality of libntp...
Network Time Protocol libntp Message Digest Disclosure Vulnerability(CVE-2016-1550)
SUMMARY An exploitable vulnerability exists in the message authentication functionality of Network Time Protocol libntp. An attacker can send a series of crafted messages to attempt to recover the message digest key. TESTED VERSIONS ntp 4.2.8p4 NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92...
F5 Networks BIG-IP : NTP input validation vulnerability (K43205719)
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550 C Tenable Network Security,...
Design/Logic Flaw
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
DEBIAN-CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
CVE-2016-1550
CVE-2016-1550 exists in the message authentication of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. The root cause is a non-constant-time memory comparison when validating the authentication digest on incoming packets, which can enable a timing attack. An attacker sen...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...