Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7855

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

Published

2017-08-07T20:29:00.950

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ntp ntp < 4.2.8 Yes
Application ntp ntp < 4.3.77 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Operating System debian debian_linux 7.0 Yes
Operating System debian debian_linux 8.0 Yes
Operating System debian debian_linux 9.0 Yes
Application netapp oncommand_balance - Yes
Application netapp oncommand_performance_manager - Yes
Application netapp oncommand_unified_manager - Yes
Operating System netapp clustered_data_ontap - Yes
Operating System netapp data_ontap - Yes
Operating System siemens tim_4r-ie_firmware * Yes
Hardware siemens tim_4r-ie - No
Operating System siemens tim_4r-ie_dnp3_firmware * Yes
Hardware siemens tim_4r-ie_dnp3 - No
References