CVE-2015-8158

EUVD-2015-8048
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
ntpntp
𝑥
≤ 4.2.8
ntpntp
4.3.0
ntpntp
4.3.1
ntpntp
4.3.2
ntpntp
4.3.3
ntpntp
4.3.4
ntpntp
4.3.5
ntpntp
4.3.6
ntpntp
4.3.7
ntpntp
4.3.8
ntpntp
4.3.10
ntpntp
4.3.11
ntpntp
4.3.12
ntpntp
4.3.13
ntpntp
4.3.14
ntpntp
4.3.15
ntpntp
4.3.16
ntpntp
4.3.17
ntpntp
4.3.18
ntpntp
4.3.19
ntpntp
4.3.20
ntpntp
4.3.21
ntpntp
4.3.22
ntpntp
4.3.23
ntpntp
4.3.24
ntpntp
4.3.25
ntpntp
4.3.26
ntpntp
4.3.27
ntpntp
4.3.28
ntpntp
4.3.29
ntpntp
4.3.30
ntpntp
4.3.31
ntpntp
4.3.32
ntpntp
4.3.33
ntpntp
4.3.34
ntpntp
4.3.35
ntpntp
4.3.36
ntpntp
4.3.37
ntpntp
4.3.38
ntpntp
4.3.39
ntpntp
4.3.40
ntpntp
4.3.41
ntpntp
4.3.42
ntpntp
4.3.43
ntpntp
4.3.44
ntpntp
4.3.45
ntpntp
4.3.46
ntpntp
4.3.47
ntpntp
4.3.48
ntpntp
4.3.49
ntpntp
4.3.50
ntpntp
4.3.51
ntpntp
4.3.52
ntpntp
4.3.53
ntpntp
4.3.54
ntpntp
4.3.55
ntpntp
4.3.56
ntpntp
4.3.57
ntpntp
4.3.58
ntpntp
4.3.59
ntpntp
4.3.60
ntpntp
4.3.61
ntpntp
4.3.62
ntpntp
4.3.63
ntpntp
4.3.64
ntpntp
4.3.65
ntpntp
4.3.66
ntpntp
4.3.67
ntpntp
4.3.68
ntpntp
4.3.69
ntpntp
4.3.70
ntpntp
4.3.71
ntpntp
4.3.72
ntpntp
4.3.73
ntpntp
4.3.74
ntpntp
4.3.75
ntpntp
4.3.76
ntpntp
4.3.77
ntpntp
4.3.78
ntpntp
4.3.79
ntpntp
4.3.80
ntpntp
4.3.81
ntpntp
4.3.82
ntpntp
4.3.83
ntpntp
4.3.84
ntpntp
4.3.85
ntpntp
4.3.86
ntpntp
4.3.87
ntpntp
4.3.88
ntpntp
4.3.89
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
precise
Fixed 1:4.2.6.p3+dfsg-1ubuntu3.11
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
released
vivid
ignored
wily
ignored
xenial
Fixed 1:4.2.8p4+dfsg-3ubuntu5.3
released
yakkety
not-affected
zesty
not-affected
References
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://support.ntp.org/bin/view/Main/NtpBug2948
http://www.debian.org/security/2016/dsa-3629
http://www.securityfocus.com/bid/81814
http://www.securitytracker.com/id/1034782
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://www.kb.cert.org/vuls/id/718152
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://support.ntp.org/bin/view/Main/NtpBug2948
http://www.debian.org/security/2016/dsa-3629
http://www.securityfocus.com/bid/81814
http://www.securitytracker.com/id/1034782
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://www.kb.cert.org/vuls/id/718152