Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-7433

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Jan, 2017 | 16:00
Updated At-06 Aug, 2024 | 01:57
Rejected At-
Credits

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Jan, 2017 | 16:00
Updated At:06 Aug, 2024 | 01:57
Rejected At:
▼CVE Numbering Authority (CNA)

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0252.html
vendor-advisory
x_refsource_REDHAT
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
x_refsource_CONFIRM
http://nwtime.org/ntp428p9_release/
x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/633847
third-party-advisory
x_refsource_CERT-VN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037354
vdb-entry
x_refsource_SECTRACK
https://bto.bluecoat.com/security-advisory/sa139
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94455
vdb-entry
x_refsource_BID
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
vendor-advisory
x_refsource_FREEBSD
http://support.ntp.org/bin/view/Main/NtpBug3067
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/540254/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3349-1
vendor-advisory
x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
vendor-advisory
x_refsource_FEDORA
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
vendor-advisory
x_refsource_FEDORA
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/539955/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
x_refsource_MISC
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0252.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Resource:
x_refsource_CONFIRM
Hyperlink: http://nwtime.org/ntp428p9_release/
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.kb.cert.org/vuls/id/633847
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1037354
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://bto.bluecoat.com/security-advisory/sa139
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/94455
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3067
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/540254/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-3349-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/539955/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2017-0252.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
x_refsource_CONFIRM
x_transferred
http://nwtime.org/ntp428p9_release/
x_refsource_CONFIRM
x_transferred
https://www.kb.cert.org/vuls/id/633847
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1037354
vdb-entry
x_refsource_SECTRACK
x_transferred
https://bto.bluecoat.com/security-advisory/sa139
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/94455
vdb-entry
x_refsource_BID
x_transferred
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
http://support.ntp.org/bin/view/Main/NtpBug3067
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/540254/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-3349-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
x_refsource_CONFIRM
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/539955/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
x_refsource_CONFIRM
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
x_refsource_MISC
x_transferred
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0252.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://nwtime.org/ntp428p9_release/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/633847
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1037354
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://bto.bluecoat.com/security-advisory/sa139
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/94455
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3067
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/540254/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3349-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/539955/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Jan, 2017 | 16:59
Updated At:20 Apr, 2025 | 01:37

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
ntp
ntp
>>ntp>>Versions up to 4.2.8(inclusive)
cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-682Primarynvd@nist.gov
CWE ID: CWE-682
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.htmlcve@mitre.org
N/A
http://nwtime.org/ntp428p9_release/cve@mitre.org
Release Notes
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0252.htmlcve@mitre.org
N/A
http://support.ntp.org/bin/view/Main/NtpBug3067cve@mitre.org
Issue Tracking
Mitigation
Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilitiescve@mitre.org
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-encve@mitre.org
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/539955/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/540254/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/94455cve@mitre.org
N/A
http://www.securitytracker.com/id/1037354cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-3349-1cve@mitre.org
N/A
https://bto.bluecoat.com/security-advisory/sa139cve@mitre.org
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfcve@mitre.org
N/A
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_uscve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/cve@mitre.org
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asccve@mitre.org
N/A
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11cve@mitre.org
N/A
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227cve@mitre.org
N/A
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/cve@mitre.org
N/A
https://www.kb.cert.org/vuls/id/633847cve@mitre.org
Third Party Advisory
US Government Resource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://nwtime.org/ntp428p9_release/af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0252.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://support.ntp.org/bin/view/Main/NtpBug3067af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Mitigation
Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilitiesaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-enaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/539955/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/540254/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/94455af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1037354af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-3349-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bto.bluecoat.com/security-advisory/sa139af854a3a-2127-422b-91ae-364da2661108
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_usaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.kb.cert.org/vuls/id/633847af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://nwtime.org/ntp428p9_release/
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0252.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3067
Source: cve@mitre.org
Resource:
Issue Tracking
Mitigation
Vendor Advisory
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/539955/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/540254/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/94455
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037354
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3349-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa139
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/633847
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://nwtime.org/ntp428p9_release/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0252.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3067
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Mitigation
Vendor Advisory
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/539955/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/540254/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/94455
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037354
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3349-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa139
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/633847
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

36Records found
CVE-2016-9312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.70% / 90.05%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.

Action-Not Available
Vendor-ntpn/aMicrosoft Corporation
Product-ntpwindowsn/a
CVE-2018-7182
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.14% / 91.81%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxntpelement_softwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-4956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.27% / 84.00%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSENovellOracle Corporation
Product-solarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudsuse_managerlinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwarelinux_enterprise_servern/a
CVE-2016-4957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-57.88% / 98.09%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Action-Not Available
Vendor-ntpn/aopenSUSESUSENovellOracle Corporation
Product-solarisleapntpopensusemanager_proxyopenstack_cloudsuse_managerlinux_enterprise_desktoplinux_enterprise_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4953
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.64% / 93.71%
||
7 Day CHG-3.96%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSEOracle Corporation
Product-tim_4r-iesolarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudtim_4r-ie_dnp3_firmwarelinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwaremanagertim_4r-ie_dnp3tim_4r-ie_firmwarelinux_enterprise_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-4954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.94% / 91.04%
||
7 Day CHG-1.06%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSEOracle Corporation
Product-tim_4r-iesolarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudtim_4r-ie_dnp3_firmwarelinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwaremanagertim_4r-ie_dnp3tim_4r-ie_firmwarelinux_enterprise_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-1547
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-1.88% / 82.41%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Action-Not Available
Vendor-ntpNTPsec ProjectNTP Project
Product-ntpNTPNTPSec
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2518
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 80.09%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.FreeBSD FoundationSiemens AG
Product-enterprise_linux_desktoplinuxoncommand_balanceenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_servercommunications_user_data_repositoryntpenterprise_linux_server_ausdata_ontaponcommand_unified_manager_for_clustered_data_ontaponcommand_performance_managerfreebsdsimatic_net_cp_443-1_opc_uasimatic_net_cp_443-1_opc_ua_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-7848
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.96%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-23 May, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.
Product-ntpdata_ontap_operating_in_7-modeclustered_data_ontaponcommand_performance_manageroncommand_balanceoncommand_unified_managern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-7979
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.10% / 95.11%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CVE-2015-7978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-28.33% / 96.33%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-7691
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.22% / 90.50%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7692
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.32% / 90.58%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5219
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.64% / 87.38%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Oracle CorporationFedora ProjectopenSUSENovellSiemens AG
Product-enterprise_linux_desktoplinuxenterprise_linux_workstationfedoralinux_enterprise_serverleapenterprise_linux_serverdebian_linuxlinux_enterprise_debuginfotim_4r-ientptim_4r-id_dnp3tim_4r-id_dnp3_firmwareopenstack_cloudmanager_proxyenterprise_linux_hpc_nodetim_4r-ie_firmwareubuntu_linuxmanagern/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2015-5194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-11.83% / 93.46%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Fedora Project
Product-enterprise_linux_desktopenterprise_linux_workstationfedoralinux_enterprise_serveropenstack_cloudenterprise_linux_serverdebian_linuxmanager_proxylinux_enterprise_debuginfoenterprise_linux_hpc_nodeubuntu_linuxntpmanagern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5195
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.40% / 92.91%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Fedora Project
Product-enterprise_linux_desktopenterprise_linux_workstationfedoraenterprise_linux_serverdebian_linuxenterprise_linux_hpc_nodeubuntu_linuxntpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.31% / 78.94%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 18:03
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.02% / 90.35%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.NetApp, Inc.Synology, Inc.Slackware
Product-vs960hd_firmwarevirtual_diskstation_managerslackware_linuxcloud_backupsteelstore_cloud_integrated_storagediskstation_managerubuntu_linuxrouter_managerskynasntpn/a
CVE-2018-7185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.47% / 93.65%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.Synology, Inc.Hewlett Packard Enterprise (HPE)NetApp, Inc.Oracle Corporation
Product-fujitsu_m12-2vs960hd_firmwarefujitsu_m12-2_firmwarefujitsu_m10-4fujitsu_m10-1_firmwarediskstation_managerfujitsu_m12-2subuntu_linuxntpfujitsu_m10-1fujitsu_m10-4_firmwarefujitsu_m10-4svs960hdhpux-ntpfujitsu_m12-1virtual_diskstation_managerfujitsu_m12-2s_firmwarefujitsu_m12-1_firmwarefujitsu_m10-4s_firmwaresolidfirerouter_managerskynashcin/a
CVE-2014-9296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-20.11% / 95.28%
||
7 Day CHG~0.00%
Published-20 Dec, 2014 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CVE-2020-11868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 03:31
Updated-05 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Action-Not Available
Vendor-ntpn/aRed Hat, Inc.openSUSENetApp, Inc.Debian GNU/Linux
Product-all_flash_fabric-attached_storage_8700_firmwarefabric-attached_storage_8700_firmwaredebian_linuxleapfabric-attached_storage_a400virtual_storage_consoledata_ontapall_flash_fabric-attached_storage_a400_firmwarefabric-attached_storage_8300hci_storage_nodeall_flash_fabric-attached_storage_a400hci_storage_node_firmwarefabric-attached_storage_8300_firmwaresolidfirefabric-attached_storage_a400_firmwareall_flash_fabric-attached_storage_8300_firmwarefabric-attached_storage_8700ntpall_flash_fabric-attached_storage_8700clustered_data_ontapall_flash_fabric-attached_storage_8300vasa_provider_for_clustered_data_ontapenterprise_linuxhci_management_noden/a
CWE ID-CWE-346
Origin Validation Error
CVE-2019-8936
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.16% / 91.83%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 15:37
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP through 4.2.8p12 has a NULL Pointer Dereference.

Action-Not Available
Vendor-ntpn/aopenSUSENetApp, Inc.Fedora ProjectHewlett Packard Enterprise (HPE)
Product-clustered_data_ontapntpdata_ontapfedorahpux-ntpleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-7704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.09% / 97.87%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Citrix (Cloud Software Group, Inc.)McAfee, LLCNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapxenserverenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_security_managerntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7701
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.80% / 91.59%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-5300
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-31.17% / 96.60%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Fedora ProjectopenSUSE
Product-enterprise_linux_desktopmanagerlinux_enterprise_desktopenterprise_linux_workstationfedorasuse_linux_enterprise_serverlinux_enterprise_serverleapenterprise_linux_server_eusenterprise_linux_serverdebian_linuxlinux_enterprise_debuginfolinux_enterprise_software_development_kitntpenterprise_linux_hpc_node_eusopenstack_cloudmanager_proxyenterprise_linux_hpc_nodeubuntu_linuxopensusen/a
CVE-2013-5211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-90.75% / 99.61%
||
7 Day CHG-1.01%
Published-02 Jan, 2014 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Action-Not Available
Vendor-ntpn/aOracle CorporationopenSUSE
Product-linuxopensusentpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20999
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 14:25
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.

Action-Not Available
Vendor-orion_projectn/a
Product-orionn/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2018-18225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.30%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 05:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxleapn/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2022-22138
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.59%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 20:05
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS)

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.

Action-Not Available
Vendor-fast_string_search_projectn/a
Product-fast_string_searchfast-string-search
CWE ID-CWE-682
Incorrect Calculation
CVE-2020-28030
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 76.77%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 20:02
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-682
Incorrect Calculation
CVE-2022-30780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-73.16% / 98.73%
||
7 Day CHG-2.13%
Published-11 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.

Action-Not Available
Vendor-lighttpdn/a
Product-lighttpdn/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2022-26517
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.67% / 70.49%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:28
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-682
Incorrect Calculation
CVE-2022-23011
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.68%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_i2800big-ip_i2600big-ip_i850big-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-682
Incorrect Calculation
CVE-2021-44491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.79%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:24
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation.

Action-Not Available
Vendor-fisglobalyottadbn/a
Product-gt.myottadbn/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2021-44490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.79%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:24
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.

Action-Not Available
Vendor-fisglobalyottadbn/a
Product-gt.myottadbn/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2021-44504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.62%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:53
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.

Action-Not Available
Vendor-fisglobaln/a
Product-gt.mn/a
CWE ID-CWE-682
Incorrect Calculation
Details not found