Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7848

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

Published

2017-01-06T21:59:00.243

Last Modified

2025-05-23T02:15:39.010

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netapp	clustered_data_ontap	-	Yes
Application	netapp	data_ontap_operating_in_7-mode	-	Yes
Application	netapp	oncommand_balance	-	Yes
Application	netapp	oncommand_performance_manager	-	Yes
Application	netapp	oncommand_unified_manager	-	Yes
Application	ntp	ntp	< 4.2.8	Yes
Application	ntp	ntp	< 4.3.77	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes

References

http://www.securityfocus.com/bid/77275 Broken Link ([email protected])
http://www.securitytracker.com/id/1033951 Broken Link ([email protected])
http://www.talosintelligence.com/reports/TALOS-2015-0052/ Exploit, Technical Description, Third Party Advisory, VDB Entry ([email protected])
https://security.gentoo.org/glsa/201607-15 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20171004-0001/ Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/77275 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033951 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.talosintelligence.com/reports/TALOS-2015-0052/ Exploit, Technical Description, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201607-15 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20171004-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)