CVE-2020-15025
published 2020-06-24CVE-2020-15025: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets…
medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntp | < ntp 1:4.2.8p15-1 (bullseye) | ntp 1:4.2.8p15-1 (bullseye) |
| debian | ntpsec | < ntp 1:4.2.8p15-1 (bullseye) | ntp 1:4.2.8p15-1 (bullseye) |
| ntp | ntp | — | — |
| ntp | ntp | >= 0 < 1:4.2.8p15-1 | 1:4.2.8p15-1 |
| ntp | ntp | >= 4.3.97 < 4.3.101 | 4.3.101 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
osv4.9MEDIUM