CVE-2004-0657

ntp < 4.0 - Integer Overflow in Date/Time Offset Calculation

Title source: llm
STIX 2.1

Description

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/584606
Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=108922292425219&w=2

Scores

EPSS 0.0606
EPSS Percentile 90.9%

Details

CWE
CWE-190
Status published
Products (5)
hp/tru64_unix 4.0f patch_kit8
hp/tru64_unix 4.0g patch_kit4
hp/tru64_unix 5.1b patch_kit2 (3 CPE variants)
hp/tru64_unix 51.1a patch_kit6
ntp/ntp < 4.0
Published Aug 06, 2004
Tracked Since Feb 18, 2026