threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ntp
Product
ntp
99 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-26555
all versions
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., wi
6.4
MEDIUM
CVE-2023-26554
all versions
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to a
5.6
MEDIUM
CVE-2023-26553
all versions
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able
5.6
MEDIUM
CVE-2023-26552
all versions
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to at
5.6
MEDIUM
CVE-2023-26551
all versions
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to att
5.6
MEDIUM
CVE-2020-15025
>= 4.3.97 and < 4.3.101
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumptio
4.4
MEDIUM
CVE-2020-13817
< 4.2.8
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system t
7.4
HIGH
CVE-2018-8956
all versions
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its
5.3
MEDIUM
CVE-2020-11868
<= 4.2.7
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a se
7.5
HIGH
CVE-2015-7851
>= 4.2.0 and < 4.2.8
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems
6.5
MEDIUM
CVE-2014-5209
all versions
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, whi
5.3
MEDIUM
CVE-2019-8936
< 4.2.8
NTP through 4.2.8p12 has a NULL Pointer Dereference.
7.5
HIGH
CVE-2019-11331
all versions
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, whi
8.1
HIGH
CVE-2018-12327
all versions
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to
9.8
CRITICAL
CVE-2016-9042
all versions
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially cra
5.9
MEDIUM
CVE-2018-7183
all versions
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary cod
9.8
CRITICAL
CVE-2018-7185
>= 4.2.6 and < 4.2.8
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continuall
7.5
HIGH
CVE-2018-7184
all versions
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to c
7.5
HIGH
CVE-2018-7182
all versions
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds
7.5
HIGH
CVE-2018-7170
>= 4.2.0 and < 4.2.8
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create
5.3
MEDIUM
CVE-2015-5146
<= 4.2.8
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration
5.3
MEDIUM
CVE-2015-3405
all versions
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big end
7.5
HIGH
CVE-2015-7871
>= 4.2.6 and < 4.2.8
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
9.8
CRITICAL
CVE-2015-7855
>= 4.2.0 and < 4.2.8
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial o
6.5
MEDIUM
CVE-2015-7854
>= 4.2.0 and < 4.2.8
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authen
8.8
HIGH
CVE-2015-7853
>= 4.2.0 and < 4.2.8
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execu
9.8
CRITICAL
CVE-2015-7852
>= 4.2.0 and < 4.2.8
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted
5.9
MEDIUM
CVE-2015-7850
>= 4.2.0 and < 4.2.8
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite
6.5
MEDIUM
CVE-2015-7849
>= 4.2.0 and < 4.2.8
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to pos
8.8
HIGH
CVE-2015-7705
>= 4.2.0 and < 4.2.8
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via
9.8
CRITICAL
CVE-2015-7704
>= 4.2.0 and < 4.2.8
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a numbe
7.5
HIGH
CVE-2015-7702
>= 4.2.0 and < 4.2.8
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
6.5
MEDIUM
CVE-2015-7701
>= 4.2.0 and < 4.2.8
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to c
7.5
HIGH
CVE-2015-7692
>= 4.2.0 and < 4.2.8
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2015-7691
>= 4.2.0 and < 4.2.8
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2015-7703
>= 4.2.0 and < 4.2.8
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allo
7.5
HIGH
CVE-2015-5300
<= 4.2.8
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128
7.5
HIGH
CVE-2015-5219
<= 4.2.7
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a doub
7.5
HIGH
CVE-2015-5195
<= 4.2.7
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a cra
7.5
HIGH
CVE-2015-5194
<= 4.2.7
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of servic
7.5
HIGH
CVE-2017-6464
all versions
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode
6.5
MEDIUM
CVE-2017-6463
all versions
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an i
6.5
MEDIUM
CVE-2017-6462
all versions
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94
7.8
HIGH
CVE-2017-6460
all versions
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers h
8.8
HIGH
CVE-2017-6459
all versions
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors re
5.5
MEDIUM
CVE-2017-6458
< 4.2.8
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated user
8.8
HIGH
CVE-2017-6455
all versions
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS
7.0
HIGH
CVE-2017-6452
all versions
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have un
7.8
HIGH
CVE-2017-6451
all versions
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the
7.8
HIGH
CVE-2016-2519
<= 4.2.8
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large re
5.9
MEDIUM
CVE-2016-2518
< 4.2.8
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds r
5.3
MEDIUM
CVE-2016-2517
<= 4.2.8
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication
5.3
MEDIUM
CVE-2016-2516
<= 4.2.8
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abor
5.3
MEDIUM
CVE-2015-8158
<= 4.2.8
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial
5.9
MEDIUM
CVE-2015-8140
<= 4.2.8
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
4.8
MEDIUM
CVE-2015-8139
<= 4.2.8
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
5.3
MEDIUM
CVE-2015-8138
<= 4.2.8
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an
5.3
MEDIUM
CVE-2015-7979
<= 4.2.8
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear do
7.5
HIGH
CVE-2015-7978
<= 4.2.8
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc
7.5
HIGH
CVE-2015-7977
<= 4.2.8
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference)
5.9
MEDIUM
CVE-2015-7976
<= 4.2.8
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special c
4.3
MEDIUM
CVE-2015-7975
<= 4.2.8
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allow
6.2
MEDIUM
CVE-2015-7973
< 4.2.8
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct repla
6.5
MEDIUM
CVE-2016-1551
all versions
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it fr
3.7
LOW
CVE-2016-9312
<= 4.2.8
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
7.5
HIGH
CVE-2016-9311
<= 4.2.8
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer d
5.9
MEDIUM
CVE-2016-9310
<= 4.2.8
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted
6.5
MEDIUM
CVE-2016-7434
>= 4.3.0 and < 4.3.94
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulis
7.5
HIGH
CVE-2016-7433
<= 4.2.8
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact vi
5.3
MEDIUM
CVE-2016-7431
all versions
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. N
5.3
MEDIUM
CVE-2016-7429
<= 4.2.8
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attacke
3.7
LOW
CVE-2016-7428
all versions
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll inter
4.3
MEDIUM
CVE-2016-7427
all versions
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of serv
4.3
MEDIUM
CVE-2016-7426
>= 4.2.6 and < 4.2.8
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled,
7.5
HIGH
CVE-2016-1550
all versions
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b9
5.3
MEDIUM
CVE-2016-1549
all versions
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in
6.5
MEDIUM
CVE-2016-1548
all versions
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst timestamp recorded
7.2
HIGH
CVE-2016-1547
<= 4.2.8
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc
5.3
MEDIUM
CVE-2015-7848
>= 4.0 and < 4.2.8
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially craf
7.5
HIGH
CVE-2016-4957
all versions
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: thi
7.5
HIGH
CVE-2016-4956
>= 4.2.0 and < 4.2.8
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change)
5.3
MEDIUM
CVE-2016-4955
>= 4.2.0 and < 4.2.8
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clear
5.9
MEDIUM
CVE-2016-4954
>= 4.2.0 and < 4.2.8
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service
7.5
HIGH
CVE-2016-4953
>= 4.2.0 and < 4.2.8
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by send
7.5
HIGH
CVE-2015-7974
>= 4.2.0 and < 4.2.8
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, whic
7.7
HIGH
CVE-2014-9751
>= 4.2.0 and < 4.2.8
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine wheth
CVE-2014-9750
>= 4.2.0 and < 4.2.8
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitiv
CVE-2015-1799
<= 4.2.7p444
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable
CVE-2015-1798
<= 4.2.7p444
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if
CVE-2014-9296
<= 4.2.7
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication erro
CVE-2014-9295
<= 4.2.7
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted p
CVE-2014-9294
<= 4.2.7
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat
CVE-2014-9293
<= 4.2.7
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which mak
CVE-2013-5211
< 4.2.7
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic
CVE-2009-3563
<= 4.2.2p4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth co
CVE-2009-1252
all versions
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, w
CVE-2009-0159
<= 4.2.4p7
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers
CVE-2009-0021
<= 4.2.4p4
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal func
CVE-2004-0657
< 4.0
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requ
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin