4.9

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version >= 4.3.97 < 4.3.101
NtpNtp Version4.2.8 Updatep11
NtpNtp Version4.2.8 Updatep12
NtpNtp Version4.2.8 Updatep13
NtpNtp Version4.2.8 Updatep14
OpensuseLeap Version15.1
OpensuseLeap Version15.2
NetappCloud Backup Version-
Netapp8300 Firmware Version-
   Netapp8300 Version-
Netapp8700 Firmware Version-
   Netapp8700 Version-
NetappA400 Firmware Version-
   NetappA400 Version-
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.36% 0.871
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
cve@mitre.org 4.4 0.7 3.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202007-12
Third Party Advisory
https://bugs.gentoo.org/729458
Third Party Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20200702-0002/
Third Party Advisory
https://support.ntp.org/bin/view/Main/NtpBug3661
Vendor Advisory
https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
Vendor Advisory
Release Notes