Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
Max CVSS
8.1
EPSS Score
1.40%
Published
2019-04-18
Updated
2020-08-24
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Max CVSS
9.8
EPSS Score
2.96%
Published
2018-06-20
Updated
2020-08-24
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Max CVSS
9.8
EPSS Score
77.88%
Published
2018-03-08
Updated
2021-07-20
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Max CVSS
8.8
EPSS Score
0.53%
Published
2017-03-27
Updated
2017-10-24
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
Max CVSS
8.8
EPSS Score
0.49%
Published
2017-03-27
Updated
2021-07-12
CVE-2015-7871
Public exploit
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Max CVSS
9.8
EPSS Score
97.02%
Published
2017-08-07
Updated
2021-04-13
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Max CVSS
8.8
EPSS Score
0.84%
Published
2017-08-07
Updated
2020-06-18
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Max CVSS
9.8
EPSS Score
7.28%
Published
2017-08-07
Updated
2021-07-16
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Max CVSS
8.8
EPSS Score
1.01%
Published
2017-08-07
Updated
2020-06-18
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Max CVSS
9.8
EPSS Score
1.22%
Published
2017-08-07
Updated
2021-11-17
10 vulnerabilities found