CVE-2016-7434

Name

CVE-2016-7434

Description

The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Third Party Advisory	http://nwtime.org/ntp428p9_release/
Issue Tracking	http://support.ntp.org/bin/view/Main/NtpBug3082
Release Notes	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Third Party Advisory	http://www.securityfocus.com/bid/94448
Third Party Advisory	http://www.securitytracker.com/id/1037354
Third Party Advisory	https://bto.bluecoat.com/security-advisory/sa139
Third Party Advisory	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
Third Party Advisory	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
Exploit	https://www.exploit-db.com/exploits/40806/
Third Party Advisory	https://www.kb.cert.org/vuls/id/633847

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ntp:ntp::::::::`	ntp	>= 4.3.0	< 4.3.94
`cpe:2.3:a:ntp:ntp:4.2.7:p100::::::`	ntp	== None	== 4.2.7
`cpe:2.3:a:ntp:ntp:4.2.8:-::::::`	ntp	== None	== 4.2.8

Source package	Branch	Version	Maintainer	Status