High severity7.5NVD Advisory· Published Dec 9, 2016· Updated May 6, 2026

CVE-2016-6301

Description

The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.

Affected products

Busybox/Busybox
cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
Range: <1.25.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.busybox.net/busybox/commit/nvdIssue TrackingPatch
www.openwall.com/lists/oss-security/2016/08/03/7nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/92277nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
security.gentoo.org/glsa/201701-05nvdThird Party Advisory
packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.htmlnvd
packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlnvd
seclists.org/fulldisclosure/2019/Jun/18nvd
seclists.org/fulldisclosure/2019/Sep/7nvd
seclists.org/fulldisclosure/2020/Aug/20nvd
seclists.org/fulldisclosure/2020/Mar/15nvd
seclists.org/bugtraq/2019/Jun/14nvd
seclists.org/bugtraq/2019/Sep/7nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000