CVE-2023-26555

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
ntpntp
4.2.8:p15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
vulnerable
buster
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
needs-triage
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ntp
Amazon Linux 2
0:4.2.8p15-3.amzn2.0.7
fixed
ntp-debuginfo
Amazon Linux 2
0:4.2.8p15-3.amzn2.0.7
fixed
ntp-doc
Amazon Linux 2
0:4.2.8p15-3.amzn2.0.7
fixed
ntp-perl
Amazon Linux 2
0:4.2.8p15-3.amzn2.0.7
fixed
ntpdate
Amazon Linux 2
0:4.2.8p15-3.amzn2.0.7
fixed
sntp
Amazon Linux 2
0:4.2.8p15-3.amzn2.0.7
fixed