CVE-2023-26551

Name of the Vulnerable Software and Affected Versions NTP version 4.2.8p15

Description The issue is related to an out-of-bounds write in the mstolfp function in libntp/mstolfp.c. This can be exploited by sending a specially-crafted request to cause a denial of service. The vulnerability may allow a remote attacker to execute arbitrary code by sending a specially-crafted packet to the NTP server. The mstolfp function is used in the ntpq process, which is a monitoring tool for NTP operations.

Recommendations For NTP version 4.2.8p15, consider disabling the mstolfp() function as a temporary workaround until a patch is available. Restrict access to the libntp/mstolfp.c module to minimize the risk of exploitation. Avoid using the mstolfp function in the ntpq process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.