CVE-2015-8158 — Improper Restriction of Operations within the Bounds of a Memory Buffer in NTP
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20 — Improper Input ValidationCWE-200 — Sensitive Information ExposureCWE-287 — Improper AuthenticationCWE-399CWE-835 — Infinite LoopCWE-400 — Uncontrolled Resource ConsumptionCWE-770 — Allocation of Resources Without Limits or Throttling15 documents11 sources
Severity
5.9MEDIUMNVD
OSV6.5
EPSS
8.1%
top 7.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 30
Latest updateMay 14
Description
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
4📋Vendor Advisories
7Cisco▶
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016↗2016-01-28