Unrated severityNVD Advisory· Published Jan 6, 2017· Updated Aug 6, 2024

CVE-2015-7848

Description

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

Affected products

osv-coords18 versions
pkg:rpm/opensuse/ntp&distro=openSUSE%20Tumbleweed pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/ntp&distro=SUSE%20Manager%202.1 pkg:rpm/suse/ntp&distro=SUSE%20Manager%20Proxy%202.1 pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%205 pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 4.2.8p9-1.1+ 17 more
- (no CPE)range: < 4.2.8p9-1.1
- (no CPE)range: < 4.2.8p4-5.1
- (no CPE)range: < 4.2.8p6-46.5.2
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p4-5.1
- (no CPE)range: < 4.2.8p6-46.5.2
- (no CPE)range: < 4.2.8p4-5.1
- (no CPE)range: < 4.2.8p6-46.5.2
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 2.17.14.1-1.12.1
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 3.1.12.4-8.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/201607-15mitrevendor-advisoryx_refsource_GENTOO
www.securityfocus.com/bid/77275mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1033951mitrevdb-entryx_refsource_SECTRACK
www.talosintelligence.com/reports/TALOS-2015-0052/mitrex_refsource_MISC
security.netapp.com/advisory/ntap-20171004-0001/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000