4.9

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version >= 4.3.97 < 4.3.101
NtpNtp Version4.2.8 Updatep11
NtpNtp Version4.2.8 Updatep12
NtpNtp Version4.2.8 Updatep13
NtpNtp Version4.2.8 Updatep14
OpensuseLeap Version15.1
OpensuseLeap Version15.2
NetappCloud Backup Version-
Netapp8300 Firmware Version-
   Netapp8300 Version-
Netapp8700 Firmware Version-
   Netapp8700 Version-
NetappA400 Firmware Version-
   NetappA400 Version-
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.89% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
cve@mitre.org 4.4 0.7 3.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://bugs.gentoo.org/729458
Third Party Advisory
Issue Tracking