CVE-2004-0657 — Integer Overflow or Wraparound in NTP

CWE-190 — Integer Overflow or Wraparound6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

6.1%

top 9.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP HP Tru64 Unix

Timeline

PublishedAug 6

Latest updateApr 29

Description

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDntp/ntp< 4.0

▶debiandebian/ntp< ntp 4.0 (bullseye)

▶Debianntp/ntp< 4.0

▶NVDhp/tru64_unix4 versions+3

Patches

Patch: www.kb.cert.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-gf48-63xq-mhpr: Integer overflow in the NTP daemon (NTPd) before 4↗2022-04-29

▶

OSV

CVE-2004-0657: Integer overflow in the NTP daemon (NTPd) before 4↗2004-08-06

▶

📋Vendor Advisories

Red Hat

ntp: wrong date/time offset return could lead to integer overflow↗2020-06-18

▶

Debian

CVE-2004-0657: ntp - Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to re...↗2004

▶

💬Community

Bugzilla

CVE-2004-0657 ntp: wrong date/time offset return could lead to integer overflow↗2020-06-24

▶