CVE Vulnerabilities

CVE-2015-7977

NULL Pointer Dereference

Published: Jan 30, 2017 | Modified: Feb 01, 2022
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Ntp Ntp * 4.2.8 (including)
Ntp Ntp 4.3.0 (including) 4.3.90 (excluding)
Ntp Ntp 4.2.8 (including) 4.2.8 (including)
Ntp Ntp 4.2.8-p1 (including) 4.2.8-p1 (including)
Ntp Ntp 4.2.8-p1-beta1 (including) 4.2.8-p1-beta1 (including)
Ntp Ntp 4.2.8-p1-beta2 (including) 4.2.8-p1-beta2 (including)
Ntp Ntp 4.2.8-p1-beta3 (including) 4.2.8-p1-beta3 (including)
Ntp Ntp 4.2.8-p1-beta4 (including) 4.2.8-p1-beta4 (including)
Ntp Ntp 4.2.8-p1-beta5 (including) 4.2.8-p1-beta5 (including)
Ntp Ntp 4.2.8-p1-rc1 (including) 4.2.8-p1-rc1 (including)
Ntp Ntp 4.2.8-p1-rc2 (including) 4.2.8-p1-rc2 (including)
Ntp Ntp 4.2.8-p2 (including) 4.2.8-p2 (including)
Ntp Ntp 4.2.8-p2-rc1 (including) 4.2.8-p2-rc1 (including)
Ntp Ntp 4.2.8-p2-rc2 (including) 4.2.8-p2-rc2 (including)
Ntp Ntp 4.2.8-p2-rc3 (including) 4.2.8-p2-rc3 (including)
Ntp Ntp 4.2.8-p3 (including) 4.2.8-p3 (including)
Ntp Ntp 4.2.8-p3-rc1 (including) 4.2.8-p3-rc1 (including)
Ntp Ntp 4.2.8-p3-rc2 (including) 4.2.8-p3-rc2 (including)
Ntp Ntp 4.2.8-p3-rc3 (including) 4.2.8-p3-rc3 (including)
Ntp Ntp 4.2.8-p4 (including) 4.2.8-p4 (including)
Ntp Ntp 4.2.8-p5 (including) 4.2.8-p5 (including)
Red Hat Enterprise Linux 6 RedHat ntp-0:4.2.6p5-10.el6 *
Red Hat Enterprise Linux 7 RedHat ntp-0:4.2.6p5-25.el7 *
Ntp Ubuntu precise *
Ntp Ubuntu trusty *
Ntp Ubuntu upstream *
Ntp Ubuntu vivid *
Ntp Ubuntu vivid/stable-phone-overlay *
Ntp Ubuntu wily *
Ntp Ubuntu xenial *

Potential Mitigations

References