CVE Vulnerabilities

CVE-2015-7850

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Aug 07, 2017 | Modified: Jun 18, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
4 LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Ntp Ntp 4.2.0 (including) 4.2.8 (excluding)
Ntp Ntp 4.3.0 (including) 4.3.77 (excluding)
Ntp Ntp 4.2.8 (including) 4.2.8 (including)
Ntp Ntp 4.2.8-p1 (including) 4.2.8-p1 (including)
Ntp Ntp 4.2.8-p1-beta1 (including) 4.2.8-p1-beta1 (including)
Ntp Ntp 4.2.8-p1-beta2 (including) 4.2.8-p1-beta2 (including)
Ntp Ntp 4.2.8-p1-beta3 (including) 4.2.8-p1-beta3 (including)
Ntp Ntp 4.2.8-p1-beta4 (including) 4.2.8-p1-beta4 (including)
Ntp Ntp 4.2.8-p1-beta5 (including) 4.2.8-p1-beta5 (including)
Ntp Ntp 4.2.8-p1-rc1 (including) 4.2.8-p1-rc1 (including)
Ntp Ntp 4.2.8-p1-rc2 (including) 4.2.8-p1-rc2 (including)
Ntp Ntp 4.2.8-p2 (including) 4.2.8-p2 (including)
Ntp Ntp 4.2.8-p2-rc1 (including) 4.2.8-p2-rc1 (including)
Ntp Ntp 4.2.8-p2-rc2 (including) 4.2.8-p2-rc2 (including)
Ntp Ntp 4.2.8-p2-rc3 (including) 4.2.8-p2-rc3 (including)
Ntp Ntp 4.2.8-p3 (including) 4.2.8-p3 (including)
Ntp Ntp 4.2.8-p3-rc1 (including) 4.2.8-p3-rc1 (including)
Ntp Ntp 4.2.8-p3-rc2 (including) 4.2.8-p3-rc2 (including)
Ntp Ntp 4.2.8-p3-rc3 (including) 4.2.8-p3-rc3 (including)
Ntp Ubuntu devel *
Ntp Ubuntu precise *
Ntp Ubuntu trusty *
Ntp Ubuntu trusty/esm *
Ntp Ubuntu vivid *
Ntp Ubuntu vivid/stable-phone-overlay *
Ntp Ubuntu wily *

References