{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-26555", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:53:53.912Z", "dateReserved": "2023-02-25T00:00:00", "datePublished": "2023-04-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"}, {"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"}, {"name": "FEDORA-2023-611a143d5f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"}, {"name": "FEDORA-2023-c0762a0e57", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:53:53.912Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555", "tags": ["x_transferred"]}, {"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-611a143d5f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"}, {"name": "FEDORA-2023-c0762a0e57", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*", "matchCriteriaId": "D300A755-9809-4469-8C08-20CB451C83A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver."}], "id": "CVE-2023-26555", "lastModified": "2024-11-21T07:51:44.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-11T21:15:21.830", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ntp: an out-of-bounds write may lead to a DoS", "id": "2186494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186494"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.", "A flaw was found in the NTP package. This flaw allows an attacker to cause a denial of service by remotely sending malicious data packets to the NTP server."], "name": "CVE-2023-26555", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-04-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-26555\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26555\nhttps://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"], "statement": "The affected function only sees data that was received via a TTY from a certain GPS receiver, and only if such a GPS receiver is configured in ntp.conf, but it never gets called with data that was received over the network.\nAn exploit would require a manipulated GPS receiver that sends overlong lines to the driver. This means physical access or a compromised host would be needed (if the device allows firmware updates over serial), so we're not looking at an RCE vulnerability here, even on installations that do use this driver.", "threat_severity": "Low"}