CVE-2015-5219

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Resource Management Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2013-5211, CVE-2014-9750, CVE-2015-3405, CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311

Published on 21/07/17 - Updated on 18/05/18

Description

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Category: Resource Management Error

CWE-704 (Incorrect Type Conversion or Cast)
The software does not correctly convert an object, resource or structure from one type to a different type.

Security Notices

US National Vulnerability DatabaseCVE-2015-5219
Amazon Linux ALAS-2015-593
CentOS CESA-2016:0780, CESA-2016:2583
Debian DSA-3388-1
Debian LTSDLA-335-1
Oracle Linux ELSA-2016-0780, ELSA-2016-2583
Redhat RHSA-2016:0780, RHSA-2016:2583
SUSE SUSE-SU-2016:1311, SUSE-SU-2016:3193, SUSE-SU-2016:3195, SUSE-SU-2016:3196, SUSE-SU-2017:0255
Ubuntu USN-2783-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
debiandebian_linux
fedoraprojectfedora
novellleap
ntpntp
redhatenterprise_linux_desktop
redhatenterprise_linux_hpc_node
redhatenterprise_linux_server
redhatenterprise_linux_workstation
suselinux_enterprise_debuginfo
suselinux_enterprise_server
susemanager
susemanager_proxy
suseopenstack_cloud

Share this vulnerability with:

Twitter Facebook LinkedIn Mail