cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
Source: MITRE
Max CVSS
7.4
EPSS Score
5.90%
Published
2020-06-04
Updated
2022-03-29
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Source: MITRE
Max CVSS
7.5
EPSS Score
3.26%
Published
2020-04-17
Updated
2022-04-26
NTP through 4.2.8p12 has a NULL Pointer Dereference.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.76%
Published
2019-05-15
Updated
2020-10-07
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Source: MITRE
Max CVSS
7.5
EPSS Score
3.22%
Published
2018-03-06
Updated
2020-08-24
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Source: MITRE
Max CVSS
7.5
EPSS Score
3.99%
Published
2018-03-06
Updated
2020-08-24
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Source: MITRE
Max CVSS
9.8
EPSS Score
71.68%
Published
2018-03-08
Updated
2021-07-20
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Source: MITRE
Max CVSS
7.5
EPSS Score
10.97%
Published
2018-03-06
Updated
2019-10-31
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.49%
Published
2017-03-27
Updated
2021-07-12
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
Source: MITRE
Max CVSS
7.5
EPSS Score
96.46%
Published
2017-01-13
Updated
2020-06-18
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
Source: MITRE
Max CVSS
4.3
EPSS Score
1.00%
Published
2017-01-13
Updated
2019-01-24
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
Source: MITRE
Max CVSS
4.3
EPSS Score
1.00%
Published
2017-01-13
Updated
2019-01-24
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Source: MITRE
Max CVSS
7.5
EPSS Score
5.77%
Published
2017-01-13
Updated
2020-06-18
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Source: MITRE
Max CVSS
7.5
EPSS Score
92.31%
Published
2016-07-05
Updated
2020-06-18
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
Source: MITRE
Max CVSS
5.3
EPSS Score
2.34%
Published
2016-07-05
Updated
2021-07-16
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Source: MITRE
Max CVSS
5.9
EPSS Score
2.11%
Published
2016-07-05
Updated
2021-07-16
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
Source: MITRE
Max CVSS
7.5
EPSS Score
2.64%
Published
2016-07-05
Updated
2021-07-16
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
Source: MITRE
Max CVSS
7.5
EPSS Score
3.25%
Published
2016-07-05
Updated
2021-07-16
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.31%
Published
2017-01-30
Updated
2021-06-10
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
Source: MITRE
Max CVSS
5.9
EPSS Score
1.63%
Published
2017-01-30
Updated
2022-02-01
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!