High severity7.4NVD Advisory· Published Jun 4, 2020· Updated Jun 17, 2026
CVE-2020-13817
CVE-2020-13817
Description
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25- ntp/ntpddescription
- osv-coords23 versionspkg:rpm/opensuse/ntp&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/ntp&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ntp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ntp&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ntp&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP2pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 4.2.8p15-lp151.2.3.1+ 22 more
- (no CPE)range: < 4.2.8p15-lp151.2.3.1
- (no CPE)range: < 4.2.8p15-lp152.3.3.1
- (no CPE)range: < 4.2.8p15-7.2
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-4.10.1
- (no CPE)range: < 4.2.8p15-4.10.1
- (no CPE)range: < 4.2.8p15-64.16.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-4.10.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-4.10.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
- (no CPE)range: < 4.2.8p15-88.1
Patches
Vulnerability mechanics
References
7- www.oracle.com/security-alerts/cpujan2022.htmlnvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.htmlnvdMailing ListThird Party Advisory
- support.ntp.org/bin/view/Main/NtpBug3596nvdVendor Advisory
- bugs.ntp.org/show_bug.cginvdIssue TrackingVendor Advisory
- security.gentoo.org/glsa/202007-12nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20200625-0004/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.