CVE-2014-9750CVE-2014-9750

Affected configuration(s):

cpe:/a:ntp:ntp:4.2.8

Date published: 2015-10-05T21:59:00.283-04:00

Date last modified: 2017-11-03T21:29:01.740-04:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://bugs.ntp.org/show_bug.cgi?id=2671

Summary: ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.