CVE-2014-9750 in ntpinfo

Summary

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

10/04/2015

Disclosure

10/05/2015

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

7.3

EPSS

0.04426

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-9750
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-9750
CVE Details	https://www.cvedetails.com/cve/CVE-2014-9750/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!