Published: 06/01/2017 Updated: 10/11/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ntp ntp-dev 4.3.70

An integer overflow can occur in NTP-dev4370 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet The crafted packet needs to have the correct message authentication code and a valid timestamp When processed by the NTP daemon, it leads to an immediate crash ...

Multiple Cisco products incorporate a version of the ntpd package Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server On October 21st, 2 ...

CWE-190 http://www.talosintelligence.com/reports/TALOS-2015-0052/http://www.securityfocus.com/bid/77275 https://security.gentoo.org/glsa/201607-15 http://www.securitytracker.com/id/1033951 https://security.netapp.com/advisory/ntap-20171004-0001/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-7848 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

CVE-2015-7848

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect