Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7434Improper Input Validation in HPE Hpux-ntp

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-39911 documents11 sources
Severity
7.5HIGHNVD
EPSS
62.4%
top 1.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
NTPHPE Hpux-ntp
Timeline
PublishedJan 13
Latest updateMay 13

Description

The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDntp/ntp4.3.04.3.94+2
NVDhpe/hpux-ntpb.11.31c.4.2.8.2.0
Debianntp/ntp< 1:4.2.8p9+dfsg-1

🔴Vulnerability Details

3
GHSA
GHSA-qf57-pg9f-mrmv: The read_mru_list function in NTP before 42022-05-13
CVEList
CVE-2016-7434: The read_mru_list function in NTP before 42017-01-13
OSV
CVE-2016-7434: The read_mru_list function in NTP before 42017-01-13

💥Exploits & PoCs

1
Exploit-DB
NTP 4.2.8p8 - Denial of Service2016-11-21

📋Vendor Advisories

5
Ubuntu
NTP vulnerabilities2017-07-05
BSD
FreeBSD-SA-16:39.ntp: Multiple vulnerabilities of ntp2016-12-22
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 20162016-11-23
Red Hat
ntp: read_mru_list() does inadequate incoming packet checks2016-11-21
Debian
CVE-2016-7434: ntp - The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to caus...2016

💬Community

1
Bugzilla
CVE-2016-7434 ntp: read_mru_list() does inadequate incoming packet checks2016-11-22
CVE-2016-7434 — Improper Input Validation in HPE | cvebase