Spwpun

**Name of the Vulnerable Software and Affected Versions** NTP version 4.2.8p15 **Description** The issue is related to an out-of-bounds write in the `mstolfp` function in `libntp/mstolfp.c`. This can be exploited by sending a specially-crafted request to cause a denial of service. The vulnerability may allow a remote attacker to execute arbitrary code by sending a specially-crafted packet to the NTP server. The `mstolfp` function is used in the ntpq process, which is a monitoring tool for NTP operations. **Recommendations** For NTP version 4.2.8p15, consider disabling the `mstolfp()` function as a temporary workaround until a patch is available. Restrict access to the `libntp/mstolfp.c` module to minimize the risk of exploitation. Avoid using the `mstolfp` function in the ntpq process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NTP versions 4.2.8p15 **Description** The issue is related to an out-of-bounds write in the `mstolfp()` function when adding a decimal point. This can be exploited by an adversary to potentially execute arbitrary code by sending a specially crafted packet to the NTP server. The vulnerability affects the ntpq process, but not the ntpd process. **Recommendations** For NTP version 4.2.8p15, consider disabling the `mstolfp()` function in libntp/mstolfp.c as a temporary workaround until a patch is available. Restrict access to the ntpq process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Frrouting frr-bgpd version 8.3.0 **Description** A reachable assertion was found in the `peek for as4 capability` function, which can be exploited by attackers to maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in a denial of service. The issue is related to the insufficient use of the `assert()` function. This can allow a remote attacker to cause a service disruption. **Recommendations** For Frrouting frr-bgpd version 8.3.0, as a temporary workaround, consider disabling the `peek for as4 capability` function until a patch is available. Restrict access to the BGP peers to minimize the risk of exploitation. Avoid using the vulnerable function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.