5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.01 Low
EPSS
Percentile
83.4%
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication
is enabled, allows remote attackers to obtain sensitive information from
process memory or cause a denial of service (daemon crash) via a packet
containing an extension field with an invalid value for the length of its
value field.
Author | Note |
---|---|
sbeattie | autokey auth is not configured on by default |
mdeslaur | this used to be known as CVE-2014-9297, patches were released in USN-2497-1 |