{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://nwtime.org/ntp428p9_release/"}, {"name": "VU#633847", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/633847"}, {"name": "1037354", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037354"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"name": "94450", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94450"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3110"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"name": "http://nwtime.org/ntp428p9_release/", "refsource": "CONFIRM", "url": "http://nwtime.org/ntp428p9_release/"}, {"name": "VU#633847", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/633847"}, {"name": "1037354", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037354"}, {"name": "https://bto.bluecoat.com/security-advisory/sa139", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"name": "94450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94450"}, {"name": "http://support.ntp.org/bin/view/Main/NtpBug3110", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug3110"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:37.125Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://nwtime.org/ntp428p9_release/"}, {"name": "VU#633847", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/633847"}, {"name": "1037354", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037354"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"name": "94450", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94450"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3110"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9312", "datePublished": "2017-01-13T16:00:00", "dateReserved": "2016-11-14T00:00:00", "dateUpdated": "2024-08-06T02:50:37.125Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*", "matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520", "versionEndIncluding": "4.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."}, {"lang": "es", "value": "ntpd en NTP en versiones anteriores a 4.2.8p9, cuando se ejecuta en Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un paquete UDP grande."}], "id": "CVE-2016-9312", "lastModified": "2017-07-28T01:29:08.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-13T16:59:00.933", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://nwtime.org/ntp428p9_release/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3110"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94450"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037354"}, {"source": "cve@mitre.org", "url": "https://bto.bluecoat.com/security-advisory/sa139"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/633847"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ntp: DoS by oversized UDP packet", "id": "1410014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410014"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."], "name": "CVE-2016-9312", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9312\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9312\nhttp://support.ntp.org/bin/view/Main/NtpBug3110"], "statement": "This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue only affected ntpd running on the Windows OS.", "threat_severity": "Important", "upstream_fix": "ntp 4.2.8p9"}