Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    38 vulnerabilities found for manager_proxy by suse

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from nvd – Published: 2026-04-22 08:15 – Updated: 2026-07-01 12:05
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:08.344Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-07-01T12:05:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27239 (GCVE-0-2022-27239)

    Vulnerability from nvd – Published: 2022-04-27 00:00 – Updated: 2024-08-03 05:25
    VLAI

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:32.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/piastry/cifs-utils/pull/7"
              },
              {
                "name": "FEDORA-2022-eb2d3ca94d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
              },
              {
                "name": "FEDORA-2022-7fda04ab5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
              },
              {
                "name": "FEDORA-2022-34de4f833d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
              },
              {
                "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
              },
              {
                "name": "DSA-5157",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5157"
              },
              {
                "name": "GLSA-202311-05",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-05"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-24T15:06:24.937Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
            },
            {
              "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
            },
            {
              "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
            },
            {
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
            },
            {
              "url": "https://github.com/piastry/cifs-utils/pull/7"
            },
            {
              "name": "FEDORA-2022-eb2d3ca94d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
            },
            {
              "name": "FEDORA-2022-7fda04ab5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
            },
            {
              "name": "FEDORA-2022-34de4f833d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
            },
            {
              "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
            },
            {
              "name": "DSA-5157",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5157"
            },
            {
              "name": "GLSA-202311-05",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-27239",
        "datePublished": "2022-04-27T00:00:00.000Z",
        "dateReserved": "2022-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:25:32.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4034 (GCVE-0-2021-4034)

    Vulnerability from nvd – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a polkit Affected: all
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-23T18:05:54.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.suse.com/support/kb/doc/?id=000020564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4034",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-12T10:21:57.857346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-06-27",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:48.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-06-27T00:00:00.000Z",
                "value": "CVE-2021-4034 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "polkit",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "(CWE-787|CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-18T00:16:44.133Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
            },
            {
              "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
            },
            {
              "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
            },
            {
              "url": "https://www.suse.com/support/kb/doc/?id=000020564"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
            },
            {
              "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
            },
            {
              "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4034",
        "datePublished": "2022-01-28T00:00:00.000Z",
        "dateReserved": "2021-11-29T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:48.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5300 (GCVE-0-2015-5300)

    Vulnerability from nvd – Published: 2017-07-21 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-1930.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://seclists.org/bugtraq/2016/Feb/164 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2783-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 x_refsource_MISC
    https://www.oracle.com/technetwork/topics/securit… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/SecurityNoti… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1271076 x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://support.citrix.com/article/CTX220112 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www.ibm.com/support/home/docdisplay?lndoc… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.debian.org/security/2015/dsa-3388 vendor-advisoryx_refsource_DEBIAN
    https://www.oracle.com/technetwork/topics/securit… x_refsource_CONFIRM
    http://aix.software.ibm.com/aix/efixes/security/n… x_refsource_CONFIRM
    https://www.cs.bu.edu/~goldbe/NTPattack.html x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id/1034670 vdb-entryx_refsource_SECTRACK
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/77312 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.freebsd.org/security/advisories/FreeB… vendor-advisoryx_refsource_FREEBSD
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www-01.ibm.com/support/docview.wss?uid=na… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    https://bto.bluecoat.com/security-advisory/sa113 x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=ss… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug2956 x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.netapp.com/advisory/ntap-2017100… x_refsource_CONFIRM
    Date Public
    2015-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:09.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:1930",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
              },
              {
                "name": "SUSE-SU:2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Feb/164"
              },
              {
                "name": "openSUSE-SU:2016:1423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
              },
              {
                "name": "USN-2783-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2783-1"
              },
              {
                "name": "SUSE-SU:2016:1177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX220112"
              },
              {
                "name": "FEDORA-2015-77bfbc1bcd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
              },
              {
                "name": "FEDORA-2015-f5f5ec7b6b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
              },
              {
                "name": "DSA-3388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3388"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
              },
              {
                "name": "SUSE-SU:2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "FEDORA-2016-34bc10a2c8",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
              },
              {
                "name": "1034670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
              },
              {
                "name": "77312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77312"
              },
              {
                "name": "SUSE-SU:2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "FreeBSD-SA-16:02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
              },
              {
                "name": "openSUSE-SU:2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
              },
              {
                "name": "SUSE-SU:2016:1247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa113"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
              },
              {
                "name": "SUSE-SU:2016:1175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-09T10:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:1930",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
            },
            {
              "name": "SUSE-SU:2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/bugtraq/2016/Feb/164"
            },
            {
              "name": "openSUSE-SU:2016:1423",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2783-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "name": "SUSE-SU:2016:1177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX220112"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
            },
            {
              "name": "FEDORA-2015-f5f5ec7b6b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
            },
            {
              "name": "DSA-3388",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "1034670",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
            },
            {
              "name": "77312",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77312"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FreeBSD-SA-16:02",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
            },
            {
              "name": "openSUSE-SU:2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
            },
            {
              "name": "SUSE-SU:2016:1247",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
            },
            {
              "name": "SUSE-SU:2016:1175",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-5300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:1930",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
                },
                {
                  "name": "SUSE-SU:2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/bugtraq/2016/Feb/164"
                },
                {
                  "name": "openSUSE-SU:2016:1423",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
                },
                {
                  "name": "USN-2783-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2783-1"
                },
                {
                  "name": "SUSE-SU:2016:1177",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
                },
                {
                  "name": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
                },
                {
                  "name": "https://support.citrix.com/article/CTX220112",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX220112"
                },
                {
                  "name": "FEDORA-2015-77bfbc1bcd",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
                },
                {
                  "name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
                },
                {
                  "name": "FEDORA-2015-f5f5ec7b6b",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
                },
                {
                  "name": "DSA-3388",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3388"
                },
                {
                  "name": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc",
                  "refsource": "CONFIRM",
                  "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
                },
                {
                  "name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
                  "refsource": "MISC",
                  "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
                },
                {
                  "name": "SUSE-SU:2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "FEDORA-2016-34bc10a2c8",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
                },
                {
                  "name": "1034670",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034670"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
                },
                {
                  "name": "77312",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77312"
                },
                {
                  "name": "SUSE-SU:2016:1311",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
                },
                {
                  "name": "FreeBSD-SA-16:02",
                  "refsource": "FREEBSD",
                  "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
                },
                {
                  "name": "openSUSE-SU:2016:1292",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
                },
                {
                  "name": "SUSE-SU:2016:1247",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa113",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa113"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug2956",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
                },
                {
                  "name": "SUSE-SU:2016:1175",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5300",
        "datePublished": "2017-07-21T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:09.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5219 (GCVE-0-2015-5219)

    Vulnerability from nvd – Published: 2017-07-21 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://aix.software.ibm.com/aix/efixes/security/n… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    https://github.com/ntp-project/ntp/commit/5f295cd… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2016-1… vendor-advisoryx_refsource_SUSE
    https://www.ibm.com/support/home/docdisplay?lndoc… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2783-1 vendor-advisoryx_refsource_UBUNTU
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2583.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=517867… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0780.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2015/dsa-3388 vendor-advisoryx_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2015/08/25/3 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1255118 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/76473 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    Date Public
    2013-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
              },
              {
                "name": "openSUSE-SU:2016:3280",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "USN-2783-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2783-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
              },
              {
                "name": "RHSA-2016:2583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
              },
              {
                "name": "FEDORA-2015-77bfbc1bcd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
              },
              {
                "name": "RHSA-2016:0780",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
              },
              {
                "name": "DSA-3388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3388"
              },
              {
                "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
              },
              {
                "name": "76473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76473"
              },
              {
                "name": "SUSE-SU:2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "FEDORA-2015-14212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
              },
              {
                "name": "FEDORA-2015-14213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-15T20:35:47.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
            },
            {
              "name": "openSUSE-SU:2016:3280",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "USN-2783-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
            },
            {
              "name": "RHSA-2016:2583",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
            },
            {
              "name": "RHSA-2016:0780",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
            },
            {
              "name": "DSA-3388",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
            },
            {
              "name": "76473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76473"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FEDORA-2015-14212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
            },
            {
              "name": "FEDORA-2015-14213",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5219",
        "datePublished": "2017-07-21T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5194 (GCVE-0-2015-5194)

    Vulnerability from nvd – Published: 2017-07-21 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc1… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/76475 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2783-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/ntp-project/ntp/commit/553f2fa… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2583.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://rhn.redhat.com/errata/RHSA-2016-0780.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2015/dsa-3388 vendor-advisoryx_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2015/08/25/3 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1254542 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    Date Public
    2010-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU:2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
              },
              {
                "name": "76475",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76475"
              },
              {
                "name": "USN-2783-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2783-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
              },
              {
                "name": "RHSA-2016:2583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
              },
              {
                "name": "FEDORA-2015-77bfbc1bcd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
              },
              {
                "name": "RHSA-2016:0780",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
              },
              {
                "name": "DSA-3388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3388"
              },
              {
                "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
              },
              {
                "name": "SUSE-SU:2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "SUSE-SU:2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "FEDORA-2015-14212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SU:2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
            },
            {
              "name": "76475",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76475"
            },
            {
              "name": "USN-2783-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
            },
            {
              "name": "RHSA-2016:2583",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "name": "RHSA-2016:0780",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
            },
            {
              "name": "DSA-3388",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FEDORA-2015-14212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5194",
        "datePublished": "2017-07-21T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7995 (GCVE-0-2017-7995)

    Vulnerability from nvd – Published: 2017-05-03 19:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98314",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98314"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "98314",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98314"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98314",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98314"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033948",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7995",
        "datePublished": "2017-05-03T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7976 (GCVE-0-2015-7976)

    Vulnerability from nvd – Published: 2017-01-30 21:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "SUSE-SU-2016:1177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "1034782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034782"
              },
              {
                "name": "openSUSE-SU-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
              },
              {
                "name": "VU#718152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/718152"
              },
              {
                "name": "SUSE-SU-2016:1247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
              },
              {
                "name": "SUSE-SU-2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "SUSE-SU-2016:1175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
              },
              {
                "name": "FreeBSD-SA-16:09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa113"
              },
              {
                "name": "openSUSE-SU-2016:1423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "1034782",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "VU#718152",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7976",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "SUSE-SU-2016:1177",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "1034782",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034782"
                },
                {
                  "name": "openSUSE-SU-2016:1292",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
                },
                {
                  "name": "VU#718152",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/718152"
                },
                {
                  "name": "SUSE-SU-2016:1247",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug2938",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
                },
                {
                  "name": "SUSE-SU-2016:1311",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "SUSE-SU-2016:1175",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
                },
                {
                  "name": "FreeBSD-SA-16:09",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa113",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa113"
                },
                {
                  "name": "openSUSE-SU-2016:1423",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7976",
        "datePublished": "2017-01-30T21:00:00.000Z",
        "dateReserved": "2015-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:31.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4957 (GCVE-0-2016-4957)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3046"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3046"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "http://bugs.ntp.org/3046",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3046"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3046",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4957",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.165Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4956 (GCVE-0-2016-4956)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91009 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3042 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3042 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "91009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91009"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3042"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "91009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91009"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3042"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "91009",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91009"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3042",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3042",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3042"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4956",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4955 (GCVE-0-2016-4955)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91007 vdb-entryx_refsource_BID
    http://support.ntp.org/bin/view/Main/NtpBug3043 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3043 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "name": "91007",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91007"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3043"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "91007",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91007"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3043"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "91007",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91007"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3043",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3043",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3043"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4955",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4954 (GCVE-0-2016-4954)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3044"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T11:59:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3044"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3044",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "http://bugs.ntp.org/3044",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3044"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4954",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4953 (GCVE-0-2016-4953)

    Vulnerability from nvd – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91010 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3045 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    http://bugs.ntp.org/3045 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "91010",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91010"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3045"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:08:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "91010",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91010"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3045"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "91010",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91010"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3045",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "http://bugs.ntp.org/3045",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3045"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4953",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0264 (GCVE-0-2016-0264)

    Vulnerability from nvd – Published: 2016-05-24 15:00 – Updated: 2024-08-05 22:15
    VLAI
    Summary
    Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-1039.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-0701.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2016:1430 vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-0708.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    http://rhn.redhat.com/errata/RHSA-2016-0716.html vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1035953 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0702.html vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1216 vendor-advisoryx_refsource_REDHAT
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:15:23.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
              },
              {
                "name": "SUSE-SU-2016:1299",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
              },
              {
                "name": "RHSA-2016:1039",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
              },
              {
                "name": "RHSA-2016:0701",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
              },
              {
                "name": "SUSE-SU-2016:1303",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
              },
              {
                "name": "SUSE-SU-2016:1475",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
              },
              {
                "name": "SUSE-SU-2016:1300",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
              },
              {
                "name": "RHSA-2016:1430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1430"
              },
              {
                "name": "RHSA-2016:0708",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
              },
              {
                "name": "SUSE-SU-2016:1378",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
              },
              {
                "name": "SUSE-SU-2016:1379",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
              },
              {
                "name": "SUSE-SU-2016:1458",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
              },
              {
                "name": "IV84035",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
              },
              {
                "name": "RHSA-2016:0716",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
              },
              {
                "name": "1035953",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035953"
              },
              {
                "name": "SUSE-SU-2016:1388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
              },
              {
                "name": "RHSA-2016:0702",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
              },
              {
                "name": "RHSA-2017:1216",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1216"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "RHSA-2016:0708",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "IV84035",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
            },
            {
              "name": "RHSA-2016:0716",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035953",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035953"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-0264",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
                },
                {
                  "name": "SUSE-SU-2016:1299",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
                },
                {
                  "name": "RHSA-2016:1039",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
                },
                {
                  "name": "RHSA-2016:0701",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
                },
                {
                  "name": "SUSE-SU-2016:1303",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
                },
                {
                  "name": "SUSE-SU-2016:1475",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
                },
                {
                  "name": "SUSE-SU-2016:1300",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
                },
                {
                  "name": "RHSA-2016:1430",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1430"
                },
                {
                  "name": "RHSA-2016:0708",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
                },
                {
                  "name": "SUSE-SU-2016:1378",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
                },
                {
                  "name": "SUSE-SU-2016:1379",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
                },
                {
                  "name": "SUSE-SU-2016:1458",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
                },
                {
                  "name": "IV84035",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
                },
                {
                  "name": "RHSA-2016:0716",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
                },
                {
                  "name": "1035953",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035953"
                },
                {
                  "name": "SUSE-SU-2016:1388",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
                },
                {
                  "name": "RHSA-2016:0702",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
                },
                {
                  "name": "RHSA-2017:1216",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1216"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-0264",
        "datePublished": "2016-05-24T15:00:00.000Z",
        "dateReserved": "2015-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:15:23.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3718 (GCVE-0-2016-3718)

    Vulnerability from nvd – Published: 2016-05-05 18:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    http://git.imagemagick.org/repos/ImageMagick/blob… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://www.imagemagick.org/discourse-server/view… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2990-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538378/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/39767/ exploitx_refsource_EXPLOIT-DB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    https://security.gentoo.org/glsa/201611-21 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.slackware.com/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    https://www.imagemagick.org/script/changelog.php x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3580 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2016-0726.html vendor-advisoryx_refsource_REDHAT
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
              },
              {
                "name": "openSUSE-SU-2016:1266",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
              },
              {
                "name": "openSUSE-SU-2016:1326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
              },
              {
                "name": "USN-2990-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2990-1"
              },
              {
                "name": "openSUSE-SU-2016:1261",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
              },
              {
                "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
              },
              {
                "name": "39767",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39767/"
              },
              {
                "name": "SUSE-SU-2016:1260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
              },
              {
                "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
              },
              {
                "name": "GLSA-201611-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201611-21"
              },
              {
                "name": "SUSE-SU-2016:1275",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
              },
              {
                "name": "SSA:2016-132-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.imagemagick.org/script/changelog.php"
              },
              {
                "name": "DSA-3580",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3580"
              },
              {
                "name": "RHSA-2016:0726",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3718",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:27:43.837440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3718"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-918",
                    "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:52.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3718"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2016-3718 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
            },
            {
              "name": "openSUSE-SU-2016:1266",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
            },
            {
              "name": "openSUSE-SU-2016:1326",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
            },
            {
              "name": "USN-2990-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2990-1"
            },
            {
              "name": "openSUSE-SU-2016:1261",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
            },
            {
              "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
            },
            {
              "name": "39767",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39767/"
            },
            {
              "name": "SUSE-SU-2016:1260",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
            },
            {
              "name": "GLSA-201611-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201611-21"
            },
            {
              "name": "SUSE-SU-2016:1275",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
            },
            {
              "name": "SSA:2016-132-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.imagemagick.org/script/changelog.php"
            },
            {
              "name": "DSA-3580",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3580"
            },
            {
              "name": "RHSA-2016:0726",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3718",
        "datePublished": "2016-05-05T18:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:52.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3715 (GCVE-0-2016-3715)

    Vulnerability from nvd – Published: 2016-05-05 18:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    http://git.imagemagick.org/repos/ImageMagick/blob… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://www.imagemagick.org/discourse-server/view… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2990-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538378/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/39767/ exploitx_refsource_EXPLOIT-DB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://www.debian.org/security/2016/dsa-3746 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201611-21 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.slackware.com/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    https://www.imagemagick.org/script/changelog.php x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3580 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2016-0726.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/89852 vdb-entryx_refsource_BID
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
              },
              {
                "name": "openSUSE-SU-2016:1266",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
              },
              {
                "name": "openSUSE-SU-2016:1326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
              },
              {
                "name": "USN-2990-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2990-1"
              },
              {
                "name": "openSUSE-SU-2016:1261",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
              },
              {
                "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
              },
              {
                "name": "39767",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39767/"
              },
              {
                "name": "SUSE-SU-2016:1260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
              },
              {
                "name": "DSA-3746",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3746"
              },
              {
                "name": "GLSA-201611-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201611-21"
              },
              {
                "name": "SUSE-SU-2016:1275",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
              },
              {
                "name": "SSA:2016-132-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.imagemagick.org/script/changelog.php"
              },
              {
                "name": "DSA-3580",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3580"
              },
              {
                "name": "RHSA-2016:0726",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
              },
              {
                "name": "89852",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/89852"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3715",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:27:17.433989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3715"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-552",
                    "description": "CWE-552 Files or Directories Accessible to External Parties",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:52.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3715"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2016-3715 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
            },
            {
              "name": "openSUSE-SU-2016:1266",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
            },
            {
              "name": "openSUSE-SU-2016:1326",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
            },
            {
              "name": "USN-2990-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2990-1"
            },
            {
              "name": "openSUSE-SU-2016:1261",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
            },
            {
              "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
            },
            {
              "name": "39767",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39767/"
            },
            {
              "name": "SUSE-SU-2016:1260",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
            },
            {
              "name": "DSA-3746",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3746"
            },
            {
              "name": "GLSA-201611-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201611-21"
            },
            {
              "name": "SUSE-SU-2016:1275",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
            },
            {
              "name": "SSA:2016-132-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.imagemagick.org/script/changelog.php"
            },
            {
              "name": "DSA-3580",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3580"
            },
            {
              "name": "RHSA-2016:0726",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
            },
            {
              "name": "89852",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/89852"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3715",
        "datePublished": "2016-05-05T18:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:52.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-07-01 12:05
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:08.344Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-07-01T12:05:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27239 (GCVE-0-2022-27239)

    Vulnerability from cvelistv5 – Published: 2022-04-27 00:00 – Updated: 2024-08-03 05:25
    VLAI

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:32.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/piastry/cifs-utils/pull/7"
              },
              {
                "name": "FEDORA-2022-eb2d3ca94d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
              },
              {
                "name": "FEDORA-2022-7fda04ab5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
              },
              {
                "name": "FEDORA-2022-34de4f833d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
              },
              {
                "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
              },
              {
                "name": "DSA-5157",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5157"
              },
              {
                "name": "GLSA-202311-05",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-05"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-24T15:06:24.937Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
            },
            {
              "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
            },
            {
              "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
            },
            {
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
            },
            {
              "url": "https://github.com/piastry/cifs-utils/pull/7"
            },
            {
              "name": "FEDORA-2022-eb2d3ca94d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
            },
            {
              "name": "FEDORA-2022-7fda04ab5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
            },
            {
              "name": "FEDORA-2022-34de4f833d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
            },
            {
              "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
            },
            {
              "name": "DSA-5157",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5157"
            },
            {
              "name": "GLSA-202311-05",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-27239",
        "datePublished": "2022-04-27T00:00:00.000Z",
        "dateReserved": "2022-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:25:32.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4034 (GCVE-0-2021-4034)

    Vulnerability from cvelistv5 – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a polkit Affected: all
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-23T18:05:54.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.suse.com/support/kb/doc/?id=000020564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4034",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-12T10:21:57.857346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-06-27",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:48.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-06-27T00:00:00.000Z",
                "value": "CVE-2021-4034 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "polkit",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "(CWE-787|CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-18T00:16:44.133Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
            },
            {
              "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
            },
            {
              "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
            },
            {
              "url": "https://www.suse.com/support/kb/doc/?id=000020564"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
            },
            {
              "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
            },
            {
              "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4034",
        "datePublished": "2022-01-28T00:00:00.000Z",
        "dateReserved": "2021-11-29T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:48.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5300 (GCVE-0-2015-5300)

    Vulnerability from cvelistv5 – Published: 2017-07-21 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-1930.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://seclists.org/bugtraq/2016/Feb/164 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2783-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 x_refsource_MISC
    https://www.oracle.com/technetwork/topics/securit… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/SecurityNoti… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1271076 x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://support.citrix.com/article/CTX220112 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www.ibm.com/support/home/docdisplay?lndoc… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.debian.org/security/2015/dsa-3388 vendor-advisoryx_refsource_DEBIAN
    https://www.oracle.com/technetwork/topics/securit… x_refsource_CONFIRM
    http://aix.software.ibm.com/aix/efixes/security/n… x_refsource_CONFIRM
    https://www.cs.bu.edu/~goldbe/NTPattack.html x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id/1034670 vdb-entryx_refsource_SECTRACK
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/77312 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.freebsd.org/security/advisories/FreeB… vendor-advisoryx_refsource_FREEBSD
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www-01.ibm.com/support/docview.wss?uid=na… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    https://bto.bluecoat.com/security-advisory/sa113 x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=ss… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug2956 x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.netapp.com/advisory/ntap-2017100… x_refsource_CONFIRM
    Date Public
    2015-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:09.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:1930",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
              },
              {
                "name": "SUSE-SU:2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Feb/164"
              },
              {
                "name": "openSUSE-SU:2016:1423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
              },
              {
                "name": "USN-2783-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2783-1"
              },
              {
                "name": "SUSE-SU:2016:1177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX220112"
              },
              {
                "name": "FEDORA-2015-77bfbc1bcd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
              },
              {
                "name": "FEDORA-2015-f5f5ec7b6b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
              },
              {
                "name": "DSA-3388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3388"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
              },
              {
                "name": "SUSE-SU:2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "FEDORA-2016-34bc10a2c8",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
              },
              {
                "name": "1034670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
              },
              {
                "name": "77312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77312"
              },
              {
                "name": "SUSE-SU:2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "FreeBSD-SA-16:02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
              },
              {
                "name": "openSUSE-SU:2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
              },
              {
                "name": "SUSE-SU:2016:1247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa113"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
              },
              {
                "name": "SUSE-SU:2016:1175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-09T10:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:1930",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
            },
            {
              "name": "SUSE-SU:2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/bugtraq/2016/Feb/164"
            },
            {
              "name": "openSUSE-SU:2016:1423",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2783-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "name": "SUSE-SU:2016:1177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX220112"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
            },
            {
              "name": "FEDORA-2015-f5f5ec7b6b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
            },
            {
              "name": "DSA-3388",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "1034670",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
            },
            {
              "name": "77312",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77312"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FreeBSD-SA-16:02",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
            },
            {
              "name": "openSUSE-SU:2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
            },
            {
              "name": "SUSE-SU:2016:1247",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
            },
            {
              "name": "SUSE-SU:2016:1175",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-5300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:1930",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
                },
                {
                  "name": "SUSE-SU:2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/bugtraq/2016/Feb/164"
                },
                {
                  "name": "openSUSE-SU:2016:1423",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
                },
                {
                  "name": "USN-2783-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2783-1"
                },
                {
                  "name": "SUSE-SU:2016:1177",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
                },
                {
                  "name": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
                },
                {
                  "name": "https://support.citrix.com/article/CTX220112",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX220112"
                },
                {
                  "name": "FEDORA-2015-77bfbc1bcd",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
                },
                {
                  "name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
                },
                {
                  "name": "FEDORA-2015-f5f5ec7b6b",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
                },
                {
                  "name": "DSA-3388",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3388"
                },
                {
                  "name": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc",
                  "refsource": "CONFIRM",
                  "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
                },
                {
                  "name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
                  "refsource": "MISC",
                  "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
                },
                {
                  "name": "SUSE-SU:2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "FEDORA-2016-34bc10a2c8",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
                },
                {
                  "name": "1034670",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034670"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
                },
                {
                  "name": "77312",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77312"
                },
                {
                  "name": "SUSE-SU:2016:1311",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
                },
                {
                  "name": "FreeBSD-SA-16:02",
                  "refsource": "FREEBSD",
                  "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
                },
                {
                  "name": "openSUSE-SU:2016:1292",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
                },
                {
                  "name": "SUSE-SU:2016:1247",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa113",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa113"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug2956",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
                },
                {
                  "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506",
                  "refsource": "CONFIRM",
                  "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
                },
                {
                  "name": "SUSE-SU:2016:1175",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5300",
        "datePublished": "2017-07-21T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:09.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5219 (GCVE-0-2015-5219)

    Vulnerability from cvelistv5 – Published: 2017-07-21 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://aix.software.ibm.com/aix/efixes/security/n… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    https://github.com/ntp-project/ntp/commit/5f295cd… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2016-1… vendor-advisoryx_refsource_SUSE
    https://www.ibm.com/support/home/docdisplay?lndoc… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2783-1 vendor-advisoryx_refsource_UBUNTU
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2583.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=517867… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0780.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2015/dsa-3388 vendor-advisoryx_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2015/08/25/3 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1255118 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/76473 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    Date Public
    2013-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
              },
              {
                "name": "openSUSE-SU:2016:3280",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "USN-2783-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2783-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
              },
              {
                "name": "RHSA-2016:2583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
              },
              {
                "name": "FEDORA-2015-77bfbc1bcd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
              },
              {
                "name": "RHSA-2016:0780",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
              },
              {
                "name": "DSA-3388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3388"
              },
              {
                "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
              },
              {
                "name": "76473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76473"
              },
              {
                "name": "SUSE-SU:2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "FEDORA-2015-14212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
              },
              {
                "name": "FEDORA-2015-14213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-15T20:35:47.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
            },
            {
              "name": "openSUSE-SU:2016:3280",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "USN-2783-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
            },
            {
              "name": "RHSA-2016:2583",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
            },
            {
              "name": "RHSA-2016:0780",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
            },
            {
              "name": "DSA-3388",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
            },
            {
              "name": "76473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76473"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FEDORA-2015-14212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
            },
            {
              "name": "FEDORA-2015-14213",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5219",
        "datePublished": "2017-07-21T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5194 (GCVE-0-2015-5194)

    Vulnerability from cvelistv5 – Published: 2017-07-21 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www-01.ibm.com/support/docview.wss?uid=is… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc1… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/76475 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2783-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/ntp-project/ntp/commit/553f2fa… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2583.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://rhn.redhat.com/errata/RHSA-2016-0780.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2015/dsa-3388 vendor-advisoryx_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2015/08/25/3 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1254542 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    https://www-01.ibm.com/support/docview.wss?uid=sw… x_refsource_CONFIRM
    Date Public
    2010-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU:2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
              },
              {
                "name": "76475",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76475"
              },
              {
                "name": "USN-2783-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2783-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
              },
              {
                "name": "RHSA-2016:2583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
              },
              {
                "name": "FEDORA-2015-77bfbc1bcd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
              },
              {
                "name": "RHSA-2016:0780",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
              },
              {
                "name": "DSA-3388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3388"
              },
              {
                "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
              },
              {
                "name": "SUSE-SU:2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "SUSE-SU:2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "FEDORA-2015-14212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SU:2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
            },
            {
              "name": "76475",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76475"
            },
            {
              "name": "USN-2783-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
            },
            {
              "name": "RHSA-2016:2583",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "name": "RHSA-2016:0780",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
            },
            {
              "name": "DSA-3388",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FEDORA-2015-14212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5194",
        "datePublished": "2017-07-21T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7995 (GCVE-0-2017-7995)

    Vulnerability from cvelistv5 – Published: 2017-05-03 19:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98314",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98314"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "98314",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98314"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98314",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98314"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033948",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7995",
        "datePublished": "2017-05-03T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7976 (GCVE-0-2015-7976)

    Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "SUSE-SU-2016:1177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "1034782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034782"
              },
              {
                "name": "openSUSE-SU-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
              },
              {
                "name": "VU#718152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/718152"
              },
              {
                "name": "SUSE-SU-2016:1247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
              },
              {
                "name": "SUSE-SU-2016:1311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "SUSE-SU-2016:1175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
              },
              {
                "name": "FreeBSD-SA-16:09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa113"
              },
              {
                "name": "openSUSE-SU-2016:1423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "1034782",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "VU#718152",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7976",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "SUSE-SU-2016:1177",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "1034782",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034782"
                },
                {
                  "name": "openSUSE-SU-2016:1292",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
                },
                {
                  "name": "VU#718152",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/718152"
                },
                {
                  "name": "SUSE-SU-2016:1247",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug2938",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
                },
                {
                  "name": "SUSE-SU-2016:1311",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "SUSE-SU-2016:1175",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
                },
                {
                  "name": "FreeBSD-SA-16:09",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa113",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa113"
                },
                {
                  "name": "openSUSE-SU-2016:1423",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7976",
        "datePublished": "2017-01-30T21:00:00.000Z",
        "dateReserved": "2015-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:31.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4953 (GCVE-0-2016-4953)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91010 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3045 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    http://bugs.ntp.org/3045 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "91010",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91010"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3045"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:08:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "91010",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91010"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3045"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "91010",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91010"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3045",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "http://bugs.ntp.org/3045",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3045"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4953",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4954 (GCVE-0-2016-4954)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3044 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3044"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T11:59:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3044"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3044",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "http://bugs.ntp.org/3044",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3044"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4954",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4957 (GCVE-0-2016-4957)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3046"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3046"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "http://bugs.ntp.org/3046",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3046"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3046",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4957",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.165Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4955 (GCVE-0-2016-4955)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91007 vdb-entryx_refsource_BID
    http://support.ntp.org/bin/view/Main/NtpBug3043 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3043 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://packetstormsecurity.com/files/137322/FreeB… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:39.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "name": "91007",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91007"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3043"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "91007",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91007"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3043"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "91007",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91007"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3043",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3043",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3043"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4955",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:39.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4956 (GCVE-0-2016-4956)

    Vulnerability from cvelistv5 – Published: 2016-07-05 01:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3096-1 vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/91009 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036037 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://support.ntp.org/bin/view/Main/NtpBug3042 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://bugs.ntp.org/3042 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://support.ntp.org/bin/view/Main/SecurityNotice x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201607-15 vendor-advisoryx_refsource_GENTOO
    http://packetstormsecurity.com/files/137321/Slack… x_refsource_MISC
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/540683/100… mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/538599/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/538600/100… mailing-listx_refsource_BUGTRAQ
    https://www.kb.cert.org/vuls/id/321640 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/archive/1/… mailing-listx_refsource_BUGTRAQ
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 x_refsource_MISC
    Date Public
    2016-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1602",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
              },
              {
                "name": "USN-3096-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3096-1"
              },
              {
                "name": "FEDORA-2016-c3bd6a3496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
              },
              {
                "name": "91009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91009"
              },
              {
                "name": "openSUSE-SU-2016:1583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
              },
              {
                "name": "FreeBSD-SA-16:24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
              },
              {
                "name": "SUSE-SU-2016:1912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
              },
              {
                "name": "FEDORA-2016-89e0874533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
              },
              {
                "name": "1036037",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036037"
              },
              {
                "name": "SUSE-SU-2016:1584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
              },
              {
                "name": "SUSE-SU-2016:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.ntp.org/3042"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/321640"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
              },
              {
                "name": "FEDORA-2016-50b0066b7f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
              },
              {
                "name": "openSUSE-SU-2016:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
              },
              {
                "name": "SUSE-SU-2016:1563",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
              },
              {
                "name": "GLSA-201607-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201607-15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
              },
              {
                "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
              },
              {
                "name": "SUSE-SU-2016:1568",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
              },
              {
                "name": "VU#321640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/321640"
              },
              {
                "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
              },
              {
                "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T12:00:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1602",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "91009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91009"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.ntp.org/3042"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1602",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
                },
                {
                  "name": "USN-3096-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3096-1"
                },
                {
                  "name": "FEDORA-2016-c3bd6a3496",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
                },
                {
                  "name": "91009",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91009"
                },
                {
                  "name": "openSUSE-SU-2016:1583",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
                },
                {
                  "name": "FreeBSD-SA-16:24",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
                },
                {
                  "name": "SUSE-SU-2016:1912",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
                },
                {
                  "name": "FEDORA-2016-89e0874533",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
                },
                {
                  "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
                },
                {
                  "name": "1036037",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036037"
                },
                {
                  "name": "SUSE-SU-2016:1584",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/NtpBug3042",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
                },
                {
                  "name": "SUSE-SU-2016:2094",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
                },
                {
                  "name": "http://bugs.ntp.org/3042",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.ntp.org/3042"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
                  "refsource": "CONFIRM",
                  "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
                },
                {
                  "name": "FEDORA-2016-50b0066b7f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
                },
                {
                  "name": "openSUSE-SU-2016:1636",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
                },
                {
                  "name": "SUSE-SU-2016:1563",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
                },
                {
                  "name": "GLSA-201607-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201607-15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
                },
                {
                  "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "SUSE-SU-2016:1568",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "VU#321640",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/321640"
                },
                {
                  "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
                },
                {
                  "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4956",
        "datePublished": "2016-07-05T01:00:00.000Z",
        "dateReserved": "2016-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0264 (GCVE-0-2016-0264)

    Vulnerability from cvelistv5 – Published: 2016-05-24 15:00 – Updated: 2024-08-05 22:15
    VLAI
    Summary
    Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-1039.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-0701.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2016:1430 vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-0708.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    http://rhn.redhat.com/errata/RHSA-2016-0716.html vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1035953 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0702.html vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1216 vendor-advisoryx_refsource_REDHAT
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:15:23.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
              },
              {
                "name": "SUSE-SU-2016:1299",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
              },
              {
                "name": "RHSA-2016:1039",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
              },
              {
                "name": "RHSA-2016:0701",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
              },
              {
                "name": "SUSE-SU-2016:1303",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
              },
              {
                "name": "SUSE-SU-2016:1475",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
              },
              {
                "name": "SUSE-SU-2016:1300",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
              },
              {
                "name": "RHSA-2016:1430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1430"
              },
              {
                "name": "RHSA-2016:0708",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
              },
              {
                "name": "SUSE-SU-2016:1378",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
              },
              {
                "name": "SUSE-SU-2016:1379",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
              },
              {
                "name": "SUSE-SU-2016:1458",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
              },
              {
                "name": "IV84035",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
              },
              {
                "name": "RHSA-2016:0716",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
              },
              {
                "name": "1035953",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035953"
              },
              {
                "name": "SUSE-SU-2016:1388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
              },
              {
                "name": "RHSA-2016:0702",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
              },
              {
                "name": "RHSA-2017:1216",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1216"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "RHSA-2016:0708",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "IV84035",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
            },
            {
              "name": "RHSA-2016:0716",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035953",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035953"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-0264",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
                },
                {
                  "name": "SUSE-SU-2016:1299",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
                },
                {
                  "name": "RHSA-2016:1039",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
                },
                {
                  "name": "RHSA-2016:0701",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
                },
                {
                  "name": "SUSE-SU-2016:1303",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
                },
                {
                  "name": "SUSE-SU-2016:1475",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
                },
                {
                  "name": "SUSE-SU-2016:1300",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
                },
                {
                  "name": "RHSA-2016:1430",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1430"
                },
                {
                  "name": "RHSA-2016:0708",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
                },
                {
                  "name": "SUSE-SU-2016:1378",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
                },
                {
                  "name": "SUSE-SU-2016:1379",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
                },
                {
                  "name": "SUSE-SU-2016:1458",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
                },
                {
                  "name": "IV84035",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
                },
                {
                  "name": "RHSA-2016:0716",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
                },
                {
                  "name": "1035953",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035953"
                },
                {
                  "name": "SUSE-SU-2016:1388",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
                },
                {
                  "name": "RHSA-2016:0702",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
                },
                {
                  "name": "RHSA-2017:1216",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1216"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-0264",
        "datePublished": "2016-05-24T15:00:00.000Z",
        "dateReserved": "2015-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:15:23.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }