CVE-2016-9311

MEDIUM

NTP <4.2.8p9 - DoS

Title source: llm

Description

ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.

References (13)

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03885en_us

[Release Notes, Vendor Advisory] http://nwtime.org/ntp428p9_release/

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0252.html

[Issue Tracking, Mitigation, Vendor Advisory] http://support.ntp.org/bin/view/Main/NtpBug3119

[Vendor Advisory] http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94444

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037354

[Various Sources] https://bto.bluecoat.com/security-advisory/sa139

[Vendor Advisory] https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us

[Various Sources] https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc

[Vendor Advisory] https://usn.ubuntu.com/3707-2/

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/633847

Scores

CVSS v3 5.9

EPSS 0.0478

EPSS Percentile 89.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (2)

ntp/ntp < 4.2.8

n/a/n/a

Timeline

Published Jan 13, 2017

Tracked Since Feb 18, 2026