cbcvebase.
CVE-2015-7849
published 2017-08-07

CVE-2015-7849: Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code…

PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
16.85%
96.7th percentile
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

Affected

6 ranges
VendorProductVersion rangeFixed in
ciscoproducts_october_2015
debianntp< ntp 1:4.2.8p4+dfsg-1 (bullseye)ntp 1:4.2.8p4+dfsg-1 (bullseye)
ntpntp
ntpntp>= 0 < 1:4.2.8p4+dfsg-11:4.2.8p4+dfsg-1
ntpntp>= 4.2.0 < 4.2.84.2.8
ntpntp>= 4.3.0 < 4.3.774.3.77

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.