Search CVE reports
1 – 10 of 107 results
CVE-2024-38528
Medium prioritynptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an...
1 affected package
rust-ntpd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-ntpd | Needs evaluation | Not in release | Not in release | — | — |
CVE-2023-4012
Medium priorityntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).
1 affected package
ntpsec
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntpsec | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-26555
Medium prioritypraecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
1 affected package
ntp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-26554
Negligible prioritymstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
1 affected package
ntp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-26553
Negligible prioritymstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
1 affected package
ntp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-26552
Negligible prioritymstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
1 affected package
ntp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-26551
Negligible prioritymstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
1 affected package
ntp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-22212
Low priorityntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and...
1 affected package
ntpsec
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntpsec | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2020-15025
Medium prioritySome fixes available 1 of 5
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and...
2 affected packages
ntp, ntpsec
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Not affected | Fixed | Not affected | Not affected |
ntpsec | Not affected | Not affected | Not affected | Not affected | Not in release |
CVE-2020-13817
Low priorityntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying...
1 affected package
ntp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ntp | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |