CVE-2016-2519

Published: 30 January 2017

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.

Priority

Low

CVSS 3 base score: 5.9

Status

Package: ntp (Launchpad, Ubuntu, Debian)
Release status:
Upstream: Released (1:4.2.8p7+dfsg-1)
Ubuntu 16.04 ESM (Xenial Xerus): Released (1:4.2.8p4+dfsg-3ubuntu5.5)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)
Patches:
Upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=56c42f8duq9gfoqZ32JJca-MvyCkQA