CVE-2015-7849

Published: Aug 7, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

Affected (24)

Products: Ntp: Ntp · Netapp: Clustered Data Ontap, Data Ontap, Oncommand Balance, Oncommand Performance Manager, Oncommand Unified Manager

1 product

5 products

Clustered Data Ontap

Oncommand Balance

Oncommand Performance Manager

Oncommand Unified Manager

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	From 4.2.0 to 4.2.8
Ntp Ntp	From 4.3.0 to 4.3.77
Ntp Ntp	Version 4.2.8
Ntp Ntp	Version 4.2.8 p1-beta1
Ntp Ntp	Version 4.2.8 p1-beta2
Ntp Ntp	Version 4.2.8 p1-beta3
Ntp Ntp	Version 4.2.8 p1-beta4
Ntp Ntp	Version 4.2.8 p1-beta5
Ntp Ntp	Version 4.2.8 p1-rc1
Ntp Ntp	Version 4.2.8 p1-rc2
Ntp Ntp	Version 4.2.8 p1
Ntp Ntp	Version 4.2.8 p2-rc1
Ntp Ntp	Version 4.2.8 p2-rc2
Ntp Ntp	Version 4.2.8 p2-rc3
Ntp Ntp	Version 4.2.8 p2
Ntp Ntp	Version 4.2.8 p3-rc1
Ntp Ntp	Version 4.2.8 p3-rc2
Ntp Ntp	Version 4.2.8 p3-rc3
Ntp Ntp	Version 4.2.8 p3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions
Netapp Data Ontap	All versions
Netapp Oncommand Balance	All versions
Netapp Oncommand Performance Manager	All versions
Netapp Oncommand Unified Manager	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

http://support.ntp.org/bin/view/Main/NtpBug2916

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/77276

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033951

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1274257

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201607-15

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://security.netapp.com/advisory/ntap-20171004-0001/

Source: cve@mitre.org

Third Party Advisory

http://support.ntp.org/bin/view/Main/NtpBug2916

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/77276

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033951

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1274257

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201607-15

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://security.netapp.com/advisory/ntap-20171004-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.