CVE-2016-2518

Published: Jan 30, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Affected (124)

Products: Ntp: Ntp · Debian: Debian Linux · Netapp: Clustered Data Ontap, Data Ontap, Oncommand Balance, Oncommand Performance Manager, Oncommand Unified Manager For Clustered Data Ontap · +4 more

Show all products

1 product

1 product

5 products

Oncommand Performance Manager

Oncommand Unified Manager For Clustered Data Ontap

Oracle

2 products

Communications User Data Repository

Linux

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Freebsd

1 product

Freebsd

Siemens

1 product

Simatic Net Cp 443 1 Opc Ua Firmware

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	Before 4.2.8
Ntp Ntp	From 4.3.0 to 4.3.92
Ntp Ntp	Version 4.2.8
Ntp Ntp	Version 4.2.8 p1-beta1
Ntp Ntp	Version 4.2.8 p1-beta2
Ntp Ntp	Version 4.2.8 p1-beta3
Ntp Ntp	Version 4.2.8 p1-beta4
Ntp Ntp	Version 4.2.8 p1-beta5
Ntp Ntp	Version 4.2.8 p1-rc1
Ntp Ntp	Version 4.2.8 p1-rc2
Ntp Ntp	Version 4.2.8 p1
Ntp Ntp	Version 4.2.8 p2-rc1
Ntp Ntp	Version 4.2.8 p2-rc2
Ntp Ntp	Version 4.2.8 p2-rc3
Ntp Ntp	Version 4.2.8 p2
Ntp Ntp	Version 4.2.8 p3-rc1
Ntp Ntp	Version 4.2.8 p3-rc2
Ntp Ntp	Version 4.2.8 p3-rc3
Ntp Ntp	Version 4.2.8 p3
Ntp Ntp	Version 4.2.8 p4
Ntp Ntp	Version 4.2.8 p5
Ntp Ntp	Version 4.2.8 p6
Ntp Ntp	Version 4.2.8 p7
Ntp Ntp	Version 4.2.8 p8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions
Netapp Data Ontap	All versions
Netapp Oncommand Balance	All versions
Netapp Oncommand Performance Manager	All versions
Netapp Oncommand Unified Manager For Clustered Data Ontap	All versions

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications User Data Repository	Version 10.0.0
Oracle Communications User Data Repository	Version 10.0.1
Oracle Communications User Data Repository	Version 12.0.0
Oracle Linux	Version 6
Oracle Linux	Version 7

Configuration E

17 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.2
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.2
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.2
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0

Configuration F

69 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 10.1
Freebsd Freebsd	Version 10.1 p10
Freebsd Freebsd	Version 10.1 p12
Freebsd Freebsd	Version 10.1 p15
Freebsd Freebsd	Version 10.1 p16
Freebsd Freebsd	Version 10.1 p17
Freebsd Freebsd	Version 10.1 p18
Freebsd Freebsd	Version 10.1 p19
Freebsd Freebsd	Version 10.1 p1
Freebsd Freebsd	Version 10.1 p22
Freebsd Freebsd	Version 10.1 p24
Freebsd Freebsd	Version 10.1 p25
Freebsd Freebsd	Version 10.1 p26
Freebsd Freebsd	Version 10.1 p27
Freebsd Freebsd	Version 10.1 p28
Freebsd Freebsd	Version 10.1 p29
Freebsd Freebsd	Version 10.1 p2
Freebsd Freebsd	Version 10.1 p30
Freebsd Freebsd	Version 10.1 p31
Freebsd Freebsd	Version 10.1 p3
Freebsd Freebsd	Version 10.1 p4
Freebsd Freebsd	Version 10.1 p5
Freebsd Freebsd	Version 10.1 p6
Freebsd Freebsd	Version 10.1 p7
Freebsd Freebsd	Version 10.1 p8
Freebsd Freebsd	Version 10.1 p9
Freebsd Freebsd	Version 10.2
Freebsd Freebsd	Version 10.2 p10
Freebsd Freebsd	Version 10.2 p11
Freebsd Freebsd	Version 10.2 p12
Freebsd Freebsd	Version 10.2 p13
Freebsd Freebsd	Version 10.2 p14
Freebsd Freebsd	Version 10.2 p1
Freebsd Freebsd	Version 10.2 p2
Freebsd Freebsd	Version 10.2 p5
Freebsd Freebsd	Version 10.2 p7
Freebsd Freebsd	Version 10.2 p8
Freebsd Freebsd	Version 10.2 p9
Freebsd Freebsd	Version 10.3
Freebsd Freebsd	Version 9.3
Freebsd Freebsd	Version 9.3 p10
Freebsd Freebsd	Version 9.3 p12
Freebsd Freebsd	Version 9.3 p13
Freebsd Freebsd	Version 9.3 p16
Freebsd Freebsd	Version 9.3 p19
Freebsd Freebsd	Version 9.3 p1
Freebsd Freebsd	Version 9.3 p20
Freebsd Freebsd	Version 9.3 p21
Freebsd Freebsd	Version 9.3 p22
Freebsd Freebsd	Version 9.3 p23
Freebsd Freebsd	Version 9.3 p24
Freebsd Freebsd	Version 9.3 p25
Freebsd Freebsd	Version 9.3 p28
Freebsd Freebsd	Version 9.3 p2
Freebsd Freebsd	Version 9.3 p30
Freebsd Freebsd	Version 9.3 p31
Freebsd Freebsd	Version 9.3 p32
Freebsd Freebsd	Version 9.3 p33
Freebsd Freebsd	Version 9.3 p34
Freebsd Freebsd	Version 9.3 p35
Freebsd Freebsd	Version 9.3 p36
Freebsd Freebsd	Version 9.3 p38
Freebsd Freebsd	Version 9.3 p39
Freebsd Freebsd	Version 9.3 p3
Freebsd Freebsd	Version 9.3 p5
Freebsd Freebsd	Version 9.3 p6
Freebsd Freebsd	Version 9.3 p7
Freebsd Freebsd	Version 9.3 p8
Freebsd Freebsd	Version 9.3 p9

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Net Cp 443 1 Opc Ua Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Net Cp 443 1 Opc Ua	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (66)

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2016-1552.html

Source: cve@mitre.org

Broken Link

http://support.ntp.org/bin/view/Main/NtpBug3009

Source: cve@mitre.org

Vendor Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security

Source: cve@mitre.org

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3629

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/538233/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/88226

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035705

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3096-1

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2016:1141

Source: cve@mitre.org

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Source: cve@mitre.org

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201607-15

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20171004-0002/

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K20804323

Source: cve@mitre.org

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Source: cve@mitre.org

https://www.debian.org/security/2016/dsa-3629

Source: cve@mitre.org

https://www.kb.cert.org/vuls/id/718152

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html