CVE-2020-15025
Summary
| CVE | CVE-2020-15025 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-06-24 19:15:00 UTC |
|---|
| Updated | 2023-11-07 03:17:00 UTC |
|---|
| Description | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| NTP: Multiple vulnerabilities (GLSA 202007-12) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| support.ntp.org/bin/view/Main/NtpBug3661 |
MISC |
support.ntp.org |
Vendor Advisory |
| SecurityNotice < Main < NTP |
MISC |
support.ntp.org |
Release Notes, Vendor Advisory |
| CVE-2020-15025 Network Time Protocol Daemon (ntpd) Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| [security-announce] openSUSE-SU-2020:0934-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| 729458 – (CVE-2020-15025) <net-misc/ntp-4.2.8_p15: Memory leak allowing denial of service (CVE-2020-15025) |
MISC |
bugs.gentoo.org |
Issue Tracking, Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1007-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| Oracle Critical Patch Update Advisory - January 2021 |
MISC |
www.oracle.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296071 Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)
- 38891 Network Time Protocol Denial of Service (DoS) Vulnerability (ntp-4.2.8p15,ntp-4.3.101)
