Ntf · Ntp · CVE-2015-7855
**Name of the Vulnerable Software and Affected Versions**
NTP versions 4.2.x through 4.2.8p3
NTP versions 4.3.x through 4.3.76
**Description**
The issue allows remote attackers to cause a denial of service via a 6 or mode 7 packet containing a long data value. This is due to the decodenetnum function in ntpd, which causes an assertion failure instead of returning FAIL on some invalid values.
**Recommendations**
For NTP versions 4.2.x through 4.2.8p3, update to version 4.2.8p4 or later.
For NTP versions 4.3.x through 4.3.76, update to version 4.3.77 or later.
As a temporary workaround, consider restricting access to the decodenetnum function until a patch is available.