CVE-2016-7434

HIGH

NTP 4.3.0-4.3.94 - Denial of Service via Crafted MRU List Query

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2016-7434. PoCs published by Magnus Klaaborg Stubman, opsxcq, shekkbuilder.

AI-analyzed exploit summary This exploit sends a malformed UDP packet to an NTP server, triggering a denial of service (DoS) condition due to improper handling of the payload in vulnerable versions of ntpd. The payload is crafted to exploit a buffer overflow vulnerability in the NTP daemon.

Description

The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Magnus Klaaborg Stubman · pythondoslinux
https://www.exploit-db.com/exploits/40806

This exploit sends a malformed UDP packet to an NTP server, triggering a denial of service (DoS) condition due to improper handling of the payload in vulnerable versions of ntpd. The payload is crafted to exploit a buffer overflow vulnerability in the NTP daemon.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ntpd versions 4.2.7p22 to 4.2.8p8 and 4.3.0 to 4.3.93
No auth needed
Prerequisites: Network access to the target NTP server · UDP port 123 (or custom port) accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 25 stars
by opsxcq · poc
https://github.com/opsxcq/exploit-CVE-2016-7434

This repository contains a functional exploit for CVE-2016-7434, a null pointer dereference vulnerability in ntpd that causes a denial-of-service (DoS) when processing a crafted mrulist query packet. The exploit includes both Python and Bash scripts to trigger the crash, along with a Docker environment for testing.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ntpd versions 4.2.8p1 through 4.3.93
No auth needed
Prerequisites: Network access to the target's NTP port (UDP 123) · Target must be configured to allow mrulist queries
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by shekkbuilder · poc
https://github.com/shekkbuilder/CVE-2016-7434

This repository contains a functional Python script that exploits CVE-2016-7434, a pre-authentication denial-of-service vulnerability in NTPd. The exploit sends a malformed UDP packet to trigger a crash in vulnerable NTPd versions.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ntpd versions 4.2.7p22 to 4.2.8p8 and 4.3.0 to 4.3.93
No auth needed
Prerequisites: Network access to the target NTP server · UDP port 123 (or custom port) accessibility
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by cved-sources · poc
https://github.com/cved-sources/cve-2016-7434

This repository contains a Dockerized environment for NTP 4.2.8p8, which is vulnerable to CVE-2016-7434. The Dockerfile sets up a vulnerable NTP server, allowing for testing and exploitation of the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: NTP 4.2.8p8
No auth needed
Prerequisites: Docker environment · Network access to the NTP server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94448
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug3082
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40806/
Release Notes, Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Third Party Advisory x_refsource_confirm
http://nwtime.org/ntp428p9_release/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/633847
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037354
Third Party Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa139
Third Party Advisory vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc

Scores

CVSS v3 7.5
EPSS 0.5293
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (2)
hpe/hpux-ntp b.11.31 - c.4.2.8.2.0
ntp/ntp 4.2.7 p100 (49 CPE variants)
Published Jan 13, 2017
Tracked Since Feb 18, 2026