CVE-2015-7975 — Improper Restriction of Operations within the Bounds of a Memory Buffer in NTP

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131 — Incorrect Calculation of Buffer Size CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure CWE-287 — Improper Authentication CWE-399 CWE-400 — Uncontrolled Resource Consumption23 documents10 sources

Severity

6.2MEDIUMNVD

OSV6.5

EPSS

0.4%

top 38.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP Paloalto Pan-os

Timeline

PublishedJan 30

Latest updateMay 17

Description

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/ntp< ntp 1:4.2.8p7+dfsg-1 (bullseye)

▶Debianntp/ntp< 1:4.2.8p7+dfsg-1

▶Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10+1

▶NVDntp/ntp4.2.8+89

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-3x6c-8mj8-xj2q: The nextvar function in NTP before 4↗2022-05-17

▶

OSV

CVE-2015-7975: The nextvar function in NTP before 4↗2017-01-30

▶

OSV

ntp vulnerabilities↗2016-10-05

▶

📋Vendor Advisories

Ubuntu

NTP vulnerabilities↗2016-10-05

▶

Palo Alto

PAN-SA-2016-0019 NTP Vulnerabilities↗2016-08-15

▶

Cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016↗2016-01-28

▶

BSD

FreeBSD-SA-16:09.ntp: Multiple vulnerabilities of ntp↗2016-01-27

▶

Red Hat

ntp: nextvar() missing length check in ntpq↗2016-01-20

▶

💬Community

Bugzilla

CVE-2015-7975 ntp: nextvar() missing length check in ntpq↗2016-01-20

▶

Bugzilla

CVE-2015-7974 CVE-2015-8138 CVE-2015-7973 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140 ntp: various flaws [fedora-all]↗2016-01-20

▶