CVE-2015-7975

Опубликовано: 20 янв. 2016

Источник: redhat

CVSS2: 2.6

Описание

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

Отчет

This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not include the affected code, which was introduced in version 4.2.8 of NTP.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	ntp	Not affected
Red Hat Enterprise Linux 6	ntp	Not affected
Red Hat Enterprise Linux 7	ntp	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-131

https://bugzilla.redhat.com/show_bug.cgi?id=1300267ntp: nextvar() missing length check in ntpq

2.6 Low

CVSS2

Связанные уязвимости

CVE-2015-7975

CVSS3: 6.2

ubuntu

около 9 лет назад

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

CVE-2015-7975

CVSS3: 6.2

nvd

около 9 лет назад

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

CVE-2015-7975

CVSS3: 6.2

debian

около 9 лет назад

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 doe ...

GHSA-3x6c-8mj8-xj2q

CVSS3: 6.2

github

больше 3 лет назад

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

openSUSE-SU-2016:1292-1

suse-cvrf

больше 9 лет назад

Security update for ntp

2.6 Low

CVSS2