CVE-2016-9312Improper Restriction of Operations within the Bounds of a Memory Buffer in NTP

CWE-399CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input Validation7 documents6 sources
Severity
7.5HIGHNVD
EPSS
19.6%
top 4.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NTPDebian NTP
Timeline
PublishedJan 13
Latest updateMay 17

Description

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDntp/ntp4.2.8
debiandebian/ntp

🔴Vulnerability Details

1
GHSA
GHSA-qcqx-qrc2-36hm: ntpd in NTP before 42022-05-17

📋Vendor Advisories

4
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 20162016-11-23
Red Hat
ntp: DoS by oversized UDP packet2016-11-21
Debian
CVE-2016-9312: ntp - ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to ...2016
Cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016

💬Community

1
Bugzilla
CVE-2016-9312 ntp: DoS by oversized UDP packet2017-01-04