National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ntp:ntp:4.3.92
There are 9 matching records.
Vuln ID Summary CVSS Severity
CVE-2017-6464

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-6463

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-6462

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2017-6460

Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-6459

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-6458

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-6455

NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 7.0 HIGH
V2: 4.4 MEDIUM
CVE-2017-6452

Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2017-6451

The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM