The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
|
History
13 Feb 2023, 00:51
Type | Values Removed | Values Added |
---|---|---|
Summary | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |
References |
|
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. | |
References |
|
19 Apr 2021, 15:13
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf - Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html - Broken Link | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html - Broken Link | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:tim_4r-id_dnp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* cpe:2.3:h:siemens:tim_4r-id_dnp3:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:* |
15 Apr 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2017-07-21 14:29
Updated : 2023-12-10 12:15
NVD link : CVE-2015-5219
Mitre link : CVE-2015-5219
CVE.ORG link : CVE-2015-5219
JSON object : View
Products Affected
debian
- debian_linux
siemens
- tim_4r-ie
- tim_4r-ie_firmware
- tim_4r-id_dnp3_firmware
- tim_4r-id_dnp3
suse
- linux_enterprise_debuginfo
- linux_enterprise_server
- manager
- manager_proxy
- openstack_cloud
fedoraproject
- fedora
opensuse
- leap
redhat
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_hpc_node
- enterprise_linux_desktop
oracle
- linux
canonical
- ubuntu_linux
ntp
- ntp
novell
- leap
CWE
CWE-704
Incorrect Type Conversion or Cast