Vulnerabilities > CVE-2020-15025 - Memory Leak vulnerability in multiple products

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

Vulnerable Configurations

Part	Description	Count
Application	Ntp NTP NTP 4.2.8 NTP NTP 4.3.97 NTP NTP 4.3.98 NTP NTP 4.3.99 NTP NTP 4.3.100	8
Application	Netapp Netapp Cloud Backup - Netapp Steelstore Cloud Integrated Storage -	2
Application	Oracle Oracle ZFS Storage Appliance KIT 8.8	1
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2
OS	Netapp Netapp 8300 Firmware - Netapp 8700 Firmware - Netapp A400 Firmware - Netapp H410C Firmware - Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H300E Firmware - Netapp H500E Firmware - Netapp H700E Firmware - Netapp H410S Firmware -	11
Hardware	Netapp Netapp 8300 - Netapp 8700 - Netapp A400 - Netapp H410C - Netapp H300S - Netapp H500S - Netapp H700S - Netapp H300E - Netapp H500E - Netapp H700E - Netapp H410S -	11

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References