PT-2023-22652 · Cloudflare · Cfnts

00Xc

Publicado

2023-06-14

Atualizado

2023-06-27

CVE-2023-3036

CVSS v3.1

8.6

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions github.com/cloudflare/cfnts versions prior to commit 783490b

Description The issue is related to an unchecked read in the NTP server, which allows a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packet contents.

Recommendations For versions prior to commit 783490b, update to a version that includes the fix for this issue, specifically commit 783490b or later. As a temporary workaround, consider restricting access to the NTP server to minimize the risk of exploitation.

Correção

Buffer Overflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-125

Identificadores relacionados

CVE-2023-3036

GHSA-PWX6-GW47-96CP

Produtos afetados

Cfnts

PT-2023-22652 · Cloudflare · Cfnts

CVE-2023-3036

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5