CVE-2016-2519

Published: 30 January 2017

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.

Notes

Author: mdeslaur
Note: trusty doesn't use ctl_getitem without checking the return code

Priority

Low

CVSS 3 base score: 5.9

Status

Package: ntp (Launchpad, Ubuntu, Debian)

Release: Status
precise: Not vulnerable (code not present)
trusty: Not vulnerable (code not present)
upstream: Released (1:4.2.8p7+dfsg-1)
wily: Ignored (reached end-of-life)
xenial: Released (1:4.2.8p4+dfsg-3ubuntu5.5)
yakkety: Not vulnerable (1:4.2.8p8+dfsg-1ubuntu2)
zesty: Not vulnerable (1:4.2.8p8+dfsg-1ubuntu2)

Patches:
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=56c42f8duq9gfoqZ32JJca-MvyCkQA