Vulnerabilities > CVE-2020-15025 - Memory Leak vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 | |
Application | 2 | |
Application | 1 | |
OS | 2 | |
OS | 11 | |
Hardware | 11 |
Common Weakness Enumeration (CWE)
References
- https://bugs.gentoo.org/729458
- https://support.ntp.org/bin/view/Main/NtpBug3661
- https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
- https://security.netapp.com/advisory/ntap-20200702-0002/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
- https://security.gentoo.org/glsa/202007-12
- https://www.oracle.com/security-alerts/cpujan2021.html