Lucene search

[email protected]NVD:CVE-2015-8158

HistoryJan 30, 2017 - 9:59 p.m.

CVE-2015-8158

2017-01-3021:59:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.012

Percentile

85.2%

JSON

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

Affected configurations

NVD

Node

ntpntpRange≤4.2.8p5

ntpntpMatch4.3.0

ntpntpMatch4.3.1

ntpntpMatch4.3.2

ntpntpMatch4.3.3

ntpntpMatch4.3.4

ntpntpMatch4.3.5

ntpntpMatch4.3.6

ntpntpMatch4.3.7

ntpntpMatch4.3.8

ntpntpMatch4.3.10

ntpntpMatch4.3.11

ntpntpMatch4.3.12

ntpntpMatch4.3.13

ntpntpMatch4.3.14

ntpntpMatch4.3.15

ntpntpMatch4.3.16

ntpntpMatch4.3.17

ntpntpMatch4.3.18

ntpntpMatch4.3.19

ntpntpMatch4.3.20

ntpntpMatch4.3.21

ntpntpMatch4.3.22

ntpntpMatch4.3.23

ntpntpMatch4.3.24

ntpntpMatch4.3.25

ntpntpMatch4.3.26

ntpntpMatch4.3.27

ntpntpMatch4.3.28

ntpntpMatch4.3.29

ntpntpMatch4.3.30

ntpntpMatch4.3.31

ntpntpMatch4.3.32

ntpntpMatch4.3.33

ntpntpMatch4.3.34

ntpntpMatch4.3.35

ntpntpMatch4.3.36

ntpntpMatch4.3.37

ntpntpMatch4.3.38

ntpntpMatch4.3.39

ntpntpMatch4.3.40

ntpntpMatch4.3.41

ntpntpMatch4.3.42

ntpntpMatch4.3.43

ntpntpMatch4.3.44

ntpntpMatch4.3.45

ntpntpMatch4.3.46

ntpntpMatch4.3.47

ntpntpMatch4.3.48

ntpntpMatch4.3.49

ntpntpMatch4.3.50

ntpntpMatch4.3.51

ntpntpMatch4.3.52

ntpntpMatch4.3.53

ntpntpMatch4.3.54

ntpntpMatch4.3.55

ntpntpMatch4.3.56

ntpntpMatch4.3.57

ntpntpMatch4.3.58

ntpntpMatch4.3.59

ntpntpMatch4.3.60

ntpntpMatch4.3.61

ntpntpMatch4.3.62

ntpntpMatch4.3.63

ntpntpMatch4.3.64

ntpntpMatch4.3.65

ntpntpMatch4.3.66

ntpntpMatch4.3.67

ntpntpMatch4.3.68

ntpntpMatch4.3.69

ntpntpMatch4.3.70

ntpntpMatch4.3.71

ntpntpMatch4.3.72

ntpntpMatch4.3.73

ntpntpMatch4.3.74

ntpntpMatch4.3.75

ntpntpMatch4.3.76

ntpntpMatch4.3.77

ntpntpMatch4.3.78

ntpntpMatch4.3.79

ntpntpMatch4.3.80

ntpntpMatch4.3.81

ntpntpMatch4.3.82

ntpntpMatch4.3.83

ntpntpMatch4.3.84

ntpntpMatch4.3.85

ntpntpMatch4.3.86

ntpntpMatch4.3.87

ntpntpMatch4.3.88

ntpntpMatch4.3.89

References

rhn.redhat.com/errata/RHSA-2016-2583.html

support.ntp.org/bin/view/Main/NtpBug2948

www.debian.org/security/2016/dsa-3629

www.securityfocus.com/bid/81814

www.securitytracker.com/id/1034782

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us

security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

security.gentoo.org/glsa/201607-15

security.netapp.com/advisory/ntap-20171031-0001/

www.kb.cert.org/vuls/id/718152

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.012

Percentile

85.2%

JSON

Related for NVD:CVE-2015-8158