CVE-2020-15025

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ntp versions 4.2.8 through 4.2.8p14 ntp versions 4.3.x through 4.3.100

Description The issue is related to a memory consumption problem in ntpd, which can be exploited by remote attackers to cause a denial of service. This occurs when memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. The vulnerability is linked to an error in memory release.

Recommendations For ntp versions 4.2.8 through 4.2.8p14, update to version 4.2.8p15 or later. For ntp versions 4.3.x through 4.3.100, update to version 4.3.101 or later.

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2020-2616

ALT-PU-2020-2665

BDU:2020-03219

CVE-2020-15025

MGASA-2020-0281

OESA-2022-1952

OESA-2022-1953

OPENSUSE-SU-2020:0934-1

OPENSUSE-SU-2020:1007-1

OPENSUSE-SU-2020_0934-1

OPENSUSE-SU-2020_1007-1

OPENSUSE-SU-2024:11102-1

SUSE-SU-2020:14415-1

SUSE-SU-2020:1805-1

SUSE-SU-2020:1823-1

USN-5175-1

Affected Products

Alt Linux

Astra Linux

Ibm Aix

Linuxmint

Red Os

Suse

Ubuntu

Ntp

CVE-2020-15025

Weakness Enumeration

Related Identifiers

Affected Products

References · 67