Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Max CVSS
9.8
EPSS Score
2.96%
Published
2018-06-20
Updated
2020-08-24
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Max CVSS
9.8
EPSS Score
77.88%
Published
2018-03-08
Updated
2021-07-20
CVE-2015-7871
Public exploit
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Max CVSS
9.8
EPSS Score
97.02%
Published
2017-08-07
Updated
2021-04-13
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Max CVSS
9.8
EPSS Score
7.28%
Published
2017-08-07
Updated
2021-07-16
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Max CVSS
9.8
EPSS Score
1.22%
Published
2017-08-07
Updated
2021-11-17
5 vulnerabilities found