Search CVE reports


Toggle filters

1 – 10 of 107 results


CVE-2024-38528

Medium priority
Needs evaluation

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an...

1 affected package

rust-ntpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-ntpd Needs evaluation Not in release Not in release
Show less packages

CVE-2023-4012

Medium priority
Needs evaluation

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

1 affected package

ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntpsec Not affected Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-26555

Medium priority
Needs evaluation

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-26554

Negligible priority
Needs evaluation

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-26553

Negligible priority
Needs evaluation

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-26552

Negligible priority
Needs evaluation

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-26551

Negligible priority
Needs evaluation

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-22212

Low priority
Needs evaluation

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and...

1 affected package

ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntpsec Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2020-15025

Medium priority

Some fixes available 1 of 5

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and...

2 affected packages

ntp, ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Not affected Fixed Not affected Not affected
ntpsec Not affected Not affected Not affected Not affected Not in release
Show less packages

CVE-2020-13817

Low priority
Needs evaluation

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying...

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages