← Back

CVE-2009-1252

nvd nist
Published: May 19, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Affected (78)

Products: Ntp: Ntp
Ntp
1 product
Ntp
Configuration A
78 vulnerable
Vulnerable SoftwareAffected Versions
Ntp
Ntp
Version 4.2.4p0
Ntp
Version 4.2.4p1
Ntp
Version 4.2.4p2
Ntp
Version 4.2.4p3
Ntp
Version 4.2.4p4
Ntp
Version 4.2.4p5
Ntp
Version 4.2.4p6
Ntp
Version 4.2.5p0
Ntp
Version 4.2.5p10
Ntp
Version 4.2.5p11
Ntp
Version 4.2.5p12
Ntp
Version 4.2.5p13
Ntp
Version 4.2.5p14
Ntp
Version 4.2.5p15
Ntp
Version 4.2.5p16
Ntp
Version 4.2.5p17
Ntp
Version 4.2.5p18
Ntp
Version 4.2.5p19
Ntp
Version 4.2.5p1
Ntp
Version 4.2.5p20
Ntp
Version 4.2.5p21
Ntp
Version 4.2.5p23
Ntp
Version 4.2.5p24
Ntp
Version 4.2.5p25
Ntp
Version 4.2.5p26
Ntp
Version 4.2.5p27
Ntp
Version 4.2.5p28
Ntp
Version 4.2.5p29
Ntp
Version 4.2.5p2
Ntp
Version 4.2.5p30
Ntp
Version 4.2.5p31
Ntp
Version 4.2.5p32
Ntp
Version 4.2.5p33
Ntp
Version 4.2.5p35
Ntp
Version 4.2.5p36
Ntp
Version 4.2.5p37
Ntp
Version 4.2.5p38
Ntp
Version 4.2.5p39
Ntp
Version 4.2.5p3
Ntp
Version 4.2.5p40
Ntp
Version 4.2.5p41
Ntp
Version 4.2.5p42
Ntp
Version 4.2.5p43
Ntp
Version 4.2.5p44
Ntp
Version 4.2.5p45
Ntp
Version 4.2.5p46
Ntp
Version 4.2.5p47
Ntp
Version 4.2.5p48
Ntp
Version 4.2.5p49
Ntp
Version 4.2.5p4
Ntp
Version 4.2.5p50
Ntp
Version 4.2.5p51
Ntp
Version 4.2.5p52
Ntp
Version 4.2.5p53
Ntp
Version 4.2.5p54
Ntp
Version 4.2.5p55
Ntp
Version 4.2.5p56
Ntp
Version 4.2.5p57
Ntp
Version 4.2.5p58
Ntp
Version 4.2.5p59
Ntp
Version 4.2.5p5
Ntp
Version 4.2.5p60
Ntp
Version 4.2.5p61
Ntp
Version 4.2.5p62
Ntp
Version 4.2.5p63
Ntp
Version 4.2.5p64
Ntp
Version 4.2.5p65
Ntp
Version 4.2.5p66
Ntp
Version 4.2.5p67
Ntp
Version 4.2.5p68
Ntp
Version 4.2.5p69
Ntp
Version 4.2.5p6
Ntp
Version 4.2.5p70
Ntp
Version 4.2.5p71
Ntp
Version 4.2.5p73
Ntp
Version 4.2.5p7
Ntp
Version 4.2.5p8
Ntp
Version 4.2.5p9

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (78)

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc (unsafe URL)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.