5.3

CVE-2016-2518

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Data is provided by the National Vulnerability Database (NVD)
NtpNtp Version < 4.2.8
NtpNtp Version >= 4.3.0 < 4.3.92
NtpNtp Version4.2.8 Update-
NtpNtp Version4.2.8 Updatep1
NtpNtp Version4.2.8 Updatep1-beta1
NtpNtp Version4.2.8 Updatep1-beta2
NtpNtp Version4.2.8 Updatep1-beta3
NtpNtp Version4.2.8 Updatep1-beta4
NtpNtp Version4.2.8 Updatep1-beta5
NtpNtp Version4.2.8 Updatep1-rc1
NtpNtp Version4.2.8 Updatep1-rc2
NtpNtp Version4.2.8 Updatep2
NtpNtp Version4.2.8 Updatep2-rc1
NtpNtp Version4.2.8 Updatep2-rc2
NtpNtp Version4.2.8 Updatep2-rc3
NtpNtp Version4.2.8 Updatep3
NtpNtp Version4.2.8 Updatep3-rc1
NtpNtp Version4.2.8 Updatep3-rc2
NtpNtp Version4.2.8 Updatep3-rc3
NtpNtp Version4.2.8 Updatep4
NtpNtp Version4.2.8 Updatep5
NtpNtp Version4.2.8 Updatep6
NtpNtp Version4.2.8 Updatep7
NtpNtp Version4.2.8 Updatep8
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
NetappData Ontap Version- SwPlatform7-mode
NetappOncommand Balance Version-
OracleLinux Version6 Update-
OracleLinux Version7 Update-
FreebsdFreebsd Version9.3 Update-
FreebsdFreebsd Version9.3 Updatep1
FreebsdFreebsd Version9.3 Updatep10
FreebsdFreebsd Version9.3 Updatep12
FreebsdFreebsd Version9.3 Updatep13
FreebsdFreebsd Version9.3 Updatep16
FreebsdFreebsd Version9.3 Updatep19
FreebsdFreebsd Version9.3 Updatep2
FreebsdFreebsd Version9.3 Updatep20
FreebsdFreebsd Version9.3 Updatep21
FreebsdFreebsd Version9.3 Updatep22
FreebsdFreebsd Version9.3 Updatep23
FreebsdFreebsd Version9.3 Updatep24
FreebsdFreebsd Version9.3 Updatep25
FreebsdFreebsd Version9.3 Updatep28
FreebsdFreebsd Version9.3 Updatep3
FreebsdFreebsd Version9.3 Updatep30
FreebsdFreebsd Version9.3 Updatep31
FreebsdFreebsd Version9.3 Updatep32
FreebsdFreebsd Version9.3 Updatep33
FreebsdFreebsd Version9.3 Updatep34
FreebsdFreebsd Version9.3 Updatep35
FreebsdFreebsd Version9.3 Updatep36
FreebsdFreebsd Version9.3 Updatep38
FreebsdFreebsd Version9.3 Updatep39
FreebsdFreebsd Version9.3 Updatep5
FreebsdFreebsd Version9.3 Updatep6
FreebsdFreebsd Version9.3 Updatep7
FreebsdFreebsd Version9.3 Updatep8
FreebsdFreebsd Version9.3 Updatep9
FreebsdFreebsd Version10.1 Update-
FreebsdFreebsd Version10.1 Updatep1
FreebsdFreebsd Version10.1 Updatep10
FreebsdFreebsd Version10.1 Updatep12
FreebsdFreebsd Version10.1 Updatep15
FreebsdFreebsd Version10.1 Updatep16
FreebsdFreebsd Version10.1 Updatep17
FreebsdFreebsd Version10.1 Updatep18
FreebsdFreebsd Version10.1 Updatep19
FreebsdFreebsd Version10.1 Updatep2
FreebsdFreebsd Version10.1 Updatep22
FreebsdFreebsd Version10.1 Updatep24
FreebsdFreebsd Version10.1 Updatep25
FreebsdFreebsd Version10.1 Updatep26
FreebsdFreebsd Version10.1 Updatep27
FreebsdFreebsd Version10.1 Updatep28
FreebsdFreebsd Version10.1 Updatep29
FreebsdFreebsd Version10.1 Updatep3
FreebsdFreebsd Version10.1 Updatep30
FreebsdFreebsd Version10.1 Updatep31
FreebsdFreebsd Version10.1 Updatep4
FreebsdFreebsd Version10.1 Updatep5
FreebsdFreebsd Version10.1 Updatep6
FreebsdFreebsd Version10.1 Updatep7
FreebsdFreebsd Version10.1 Updatep8
FreebsdFreebsd Version10.1 Updatep9
FreebsdFreebsd Version10.2 Update-
FreebsdFreebsd Version10.2 Updatep1
FreebsdFreebsd Version10.2 Updatep10
FreebsdFreebsd Version10.2 Updatep11
FreebsdFreebsd Version10.2 Updatep12
FreebsdFreebsd Version10.2 Updatep13
FreebsdFreebsd Version10.2 Updatep14
FreebsdFreebsd Version10.2 Updatep2
FreebsdFreebsd Version10.2 Updatep5
FreebsdFreebsd Version10.2 Updatep7
FreebsdFreebsd Version10.2 Updatep8
FreebsdFreebsd Version10.2 Updatep9
FreebsdFreebsd Version10.3 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.47% 0.8
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1035705
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/718152
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/88226
Third Party Advisory
VDB Entry