CVE-2020-15025

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 24-06-2020 09:15

Last modified: - 02-09-2022 05:31

Total changes: - 4

Description

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

4.9

Base score

1.2

3.6

Exploitability score

Impact score

Verification logic

Reference

https://bugs.gentoo.org/729458
https://support.ntp.org/bin/view/Main/NtpBug3661
https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
https://security.netapp.com/advisory/ntap-20200702-0002/
openSUSE-SU-2020:0934-Mailing List, Third Party Advisory
openSUSE-SU-2020:1007-Mailing List, Third Party Advisory
GLSA-202007-12-Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Keywords

CVE-2020-15025

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-15025

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures