High severity7.5NVD Advisory· Published Jan 30, 2017· Updated May 13, 2026
CVE-2015-7978
CVE-2015-7978
Description
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
Affected products
90cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*+ 89 more
- cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*range: <=4.2.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
24- lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0780.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-2583.htmlnvdThird Party Advisory
- support.ntp.org/bin/view/Main/SecurityNoticenvdVendor Advisory
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdnvdThird Party Advisory
- www.debian.org/security/2016/dsa-3629nvdThird Party Advisory
- www.securityfocus.com/bid/81962nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034782nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-3096-1nvdThird Party Advisory
- bto.bluecoat.com/security-advisory/sa113nvdThird Party Advisory
- security.gentoo.org/glsa/201607-15nvdThird Party Advisory
- www.kb.cert.org/vuls/id/718152nvdThird Party AdvisoryUS Government Resource
- www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvd
- security.freebsd.org/advisories/FreeBSD-SA-16:09.ntp.ascnvd
- security.netapp.com/advisory/ntap-20171031-0001/nvd
News mentions
0No linked articles in our index yet.