VDB
CVE-2023-4012
CVE-2023-4012
PUBLISHED
CVSS 7.5 HIGH
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).
EPSS 0.20% · 42.0th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.20%
42.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NTPsec | ntpsec | 1.2.2 |
| ntpsec | ntpsec | 1.2.2 |
Timeline
- Aug 7, 2023 CVE Published
- Aug 8, 2023 EPSS Score
- Sep 11, 2023 EPSS Score
- Oct 14, 2023 EPSS Score
- Dec 20, 2023 EPSS Score
- Jan 23, 2024 EPSS Score
- Feb 26, 2024 EPSS Score
- Mar 30, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jul 9, 2024 EPSS Score
- Aug 11, 2024 EPSS Score
- Sep 14, 2024 EPSS Score
References
- GitLab Issue #794 issue
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-4012 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OC2KDNL4GO7MDAFSNWBQA4T2Q2VNPUJD url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQDOZSTH2AZXBO2QAVR2SZEMK2A7WBRB url