network time foundation

Networking Infrastructureoss-project

Cumulative CVEs

Monthly snapshots

#92

Peak rank

Trend history

Full timeline

Top products

ntp5

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting network time foundation.

CVE-2024-2169Implementations of UDP application protocols are susceptible to network loops and denial of service7.5Mar 19, 2024
CVE-2023-26555praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.6.4Apr 11, 2023
CVE-2023-26554mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.5.6Apr 11, 2023
CVE-2023-26553mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.5.6Apr 11, 2023
CVE-2023-26552mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.5.6Apr 11, 2023
CVE-2023-26551mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.5.6Apr 11, 2023
CVE-2020-15025ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations wh...4.4Jun 24, 2020
CVE-2020-13817ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed pa...7.4Jun 4, 2020
CVE-2018-8956ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 pack...5.3May 6, 2020
CVE-2020-11868ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmis...7.5Apr 17, 2020
CVE-2019-8936NTP through 4.2.8p12 has a NULL Pointer Dereference.7.5May 15, 2019
CVE-2019-11331Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.8.1Apr 18, 2019
CVE-2018-12327Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or ...9.8Jun 20, 2018
CVE-2018-7183Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted...9.8Mar 8, 2018
CVE-2018-7185The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP addre...7.5Mar 6, 2018