Unchecked Read Vulnerability in NTP Server Allows Remote Panic Trigger

CVE-2023-3036 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An unchecked read in the NTP server in github.com/cloudflare/cfnts prior to commit 783490b (https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71) enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packet contents.
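The class of check that prevents this kind of panic, as an added Rust example that is not cfnts code and not the fix from the commit above: every extension field's declared length is validated against the bytes actually received before any slice is taken. The names `parse_extensions`, `ParseError` and `sample_packet` are hypothetical, and the sketch assumes everything after the 48-byte NTP header is extension fields (no trailing MAC, no padding validation).

```rust
// Added example: bounds-checked walk over NTP extension fields (not cfnts code).
const NTP_HEADER_LEN: usize = 48; // fixed NTP header, RFC 5905
const EXT_HEADER_LEN: usize = 4; // 16-bit field type + 16-bit length

#[derive(Debug, PartialEq)]
pub enum ParseError {
    ShortHeader,
    Truncated,
    BadLength { declared: usize, available: usize },
}

/// Returns (field_type, value) for each extension field after the NTP header.
pub fn parse_extensions(packet: &[u8]) -> Result<Vec<(u16, &[u8])>, ParseError> {
    let mut rest = packet.get(NTP_HEADER_LEN..).ok_or(ParseError::ShortHeader)?;
    let mut fields = Vec::new();
    while !rest.is_empty() {
        let hdr = rest.get(..EXT_HEADER_LEN).ok_or(ParseError::Truncated)?;
        let field_type = u16::from_be_bytes([hdr[0], hdr[1]]);
        // The length comes from the sender and counts the 4-byte field header too.
        let declared = u16::from_be_bytes([hdr[2], hdr[3]]) as usize;
        if declared < EXT_HEADER_LEN || declared > rest.len() {
            return Err(ParseError::BadLength { declared, available: rest.len() });
        }
        // `get` returns None instead of panicking; a plain `rest[4..declared]`
        // would panic on an over-long length if the check above were missing.
        let value = rest.get(EXT_HEADER_LEN..declared).ok_or(ParseError::Truncated)?;
        fields.push((field_type, value));
        rest = &rest[declared..];
    }
    Ok(fields)
}

/// Constructed sample: zeroed 48-byte header plus one extension field.
pub fn sample_packet(field_type: u16, declared_len: u16, value: &[u8]) -> Vec<u8> {
    let mut p = vec![0u8; NTP_HEADER_LEN];
    p.extend_from_slice(&field_type.to_be_bytes());
    p.extend_from_slice(&declared_len.to_be_bytes());
    p.extend_from_slice(value);
    p
}

fn main() {
    // 0x0404 is the NTS Authenticator and Encrypted Extension Fields type (RFC 8915).
    let ok = sample_packet(0x0404, 8, &[1, 2, 3, 4]);
    let bad = sample_packet(0x0404, 64, &[1, 2, 3, 4]); // length exceeds contents
    println!("{:?}", parse_extensions(&ok));
    println!("{:?}", parse_extensions(&bad));
}
```

A parser written this way returns an error to the caller for a malformed length, so the server can drop the packet and keep serving.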
