CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9750

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.157

EPSS Ranking 94.3%

CVSS Severity

CVSS v2 Score 5.8

References

Products affected by CVE-2014-9750

Ntp » Ntp » Version: 4.2.0

cpe:2.3:a:ntp:ntp:4.2.0
Ntp » Ntp » Version: 4.2.2

cpe:2.3:a:ntp:ntp:4.2.2
Ntp » Ntp » Version: 4.2.4

cpe:2.3:a:ntp:ntp:4.2.4
Ntp » Ntp » Version: 4.2.5

cpe:2.3:a:ntp:ntp:4.2.5
Ntp » Ntp » Version: 4.2.6

cpe:2.3:a:ntp:ntp:4.2.6
Ntp » Ntp » Version: 4.2.7

cpe:2.3:a:ntp:ntp:4.2.7
Ntp » Ntp » Version: 4.2.7p444

cpe:2.3:a:ntp:ntp:4.2.7p444
Ntp » Ntp » Version: 4.2.8

cpe:2.3:a:ntp:ntp:4.2.8
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Oracle » Linux » Version: 7

cpe:2.3:o:oracle:linux:7
Redhat » Enterprise Linux Desktop » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
Redhat » Enterprise Linux Server » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0
Redhat » Enterprise Linux Workstation » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9750

Products

Pricing

Contact Us