NTP BUG 2919: ntpq atoascii() potential memory corruption

Last update: April 22, 2024 18:49 UTC (7e7bd5857)


Resolved 4.2.8p4 21 Oct 2015
References Bug 2919 CVE-2015-7852
Affects All ntp-4 releases running up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77.
Resolved in 4.2.8p4
CVSS2 Score 4.0, worst case AV:N/AC:H/Au:N/C:N/I:P/A:P


If an attacker can figure out the precise moment that ntpq is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq, can cause ntpq to crash.



This weakness was discovered by Yves Younan and Aleksander Nikolich of Cisco Talos.