VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published Aug 7, 2017· Updated May 13, 2026

CVE-2015-7854

CVE-2015-7854

Description

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

Affected products

23
  • NetApp/Oncommand Balance
    cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Performance Manager
    cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Unified Manager
    cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*
  • Ntp/Ntp18 versions
    cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*range: >=4.2.0,<4.2.8
    • cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
    • cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
  • NetApp/Clustered Data Ontap
    cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  • NetApp/Data Ontap
    cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.