PatchSiren

CVE-2015-7978 NTP CVE debrief

CVE-2015-7978 is a high-severity availability issue in NTP. A remote attacker can use the ntpdc relist command to trigger recursive traversal of the restriction list, which can exhaust the stack and crash the service. The impact is denial of service rather than data compromise.

Vendor: NTP
Product: CVE-2015-7978
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Administrators and operators running affected NTP deployments, especially systems that expose ntpdc management functionality or rely on NTP for time synchronization availability. Distro maintainers and fleet teams should confirm whether packaged versions include vendor backports or fixes.

Technical summary

The CVE description states that NTP before 4.2.8p6 and 4.3.0 before 4.3.90 is vulnerable. The issue is caused by ntpdc relist invoking recursive traversal of the restriction list, leading to stack exhaustion. NVD maps the weakness to CWE-400 and rates the issue with CVSS v3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which reflects a remotely reachable denial-of-service condition with no confidentiality or integrity impact.

Defensive priority

High. The flaw is remotely reachable, requires no privileges or user interaction in the CVSS vector, and can interrupt a core infrastructure service. Prioritize patching or mitigation on any exposed or business-critical NTP instances.

Recommended defensive actions

  • Upgrade NTP to a fixed release or apply the vendor-backported package that addresses this issue.
  • If ntpdc is not required, disable or restrict access to the management interface to reduce exposure.
  • Limit network reachability to NTP control and management traffic to trusted administrative hosts only.
  • Verify installed package versions against your distribution security advisories, since downstream fixes may differ from upstream version numbers.
  • Monitor NTP services for crashes, restarts, or abnormal behavior after exposure, and validate time synchronization continuity after remediation.
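
As an added example (not PatchSiren's tooling and not code from the NTP project), a small POSIX shell check covering the first, second and fourth actions above: it classifies an ntpd version string against the affected ranges the CVE text names and screens an ntp.conf for the two standard directives that keep ntpdc's mode 7 protocol away from untrusted hosts (`disable mode7` and `noquery` on the default restrict line). The version strings and sample configs are constructed, not taken from any real host.

```shell
#!/bin/sh
# Added example, not PatchSiren tooling: (1) does an "ntpd --version" string
# fall in the affected ranges the CVE text names (before 4.2.8p6, or 4.3.x
# before 4.3.90); (2) does an ntp.conf keep ntpdc (mode 7) off untrusted hosts.

# Prints "vulnerable", "fixed" or "unknown". Upstream numbers only: a distro
# backport can fix the bug without changing the version string, so confirm
# against the distribution advisory before acting on "vulnerable".
ntp_version_vulnerable() {
    ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?' | head -n1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    a=${ver%%.*}; rest=${ver#*.}; b=${rest%%.*}; rest=${rest#*.}   # rest is e.g. "8p4"
    c=${rest%%p*}
    case "$rest" in *p*) p=${rest#*p} ;; *) p=0 ;; esac          # missing pN means p0
    if [ "$a" -lt 4 ] || { [ "$a" -eq 4 ] && [ "$b" -lt 2 ]; }; then
        echo vulnerable                                 # anything before 4.2
    elif [ "$a" -eq 4 ] && [ "$b" -eq 2 ]; then
        if [ "$c" -lt 8 ] || { [ "$c" -eq 8 ] && [ "$p" -lt 6 ]; }; then
            echo vulnerable                             # 4.2.x before 4.2.8p6
        else echo fixed; fi
    elif [ "$a" -eq 4 ] && [ "$b" -eq 3 ] && [ "$c" -lt 90 ]; then
        echo vulnerable                                 # 4.3.x before 4.3.90
    else echo fixed; fi
}

# Coarse screen of ntp.conf text on stdin. "disable mode7" turns off the protocol
# ntpdc speaks; "noquery" on the default restrict line refuses ntpq/ntpdc queries
# from hosts no other restrict line matches. Comments stripped; last enable/disable wins.
ntp_conf_mode7_exposure() {
    disabled=0; noquery=0
    while IFS= read -r line; do
        line=${line%%#*}
        case "$line" in
            *disable*mode7*) disabled=1 ;;
            *enable*mode7*) disabled=0 ;;
            *restrict*default*noquery*) noquery=1 ;;
        esac
    done
    if [ "$disabled" -eq 1 ]; then echo mode7-disabled
    elif [ "$noquery" -eq 1 ]; then echo default-noquery
    else echo exposed; fi
}

# Constructed sample configs (not from any real host) and demo calls.
WEAK_CONF='server ntp.example.com\nrestrict default kod nomodify notrap nopeer'
HARDENED_CONF='disable mode7  # ntpdc protocol off\nrestrict default kod nomodify notrap nopeer noquery\nrestrict 127.0.0.1'
ntp_version_vulnerable 'ntpd 4.2.8p4@1.3265-o'             # vulnerable
printf '%b\n' "$HARDENED_CONF" | ntp_conf_mode7_exposure    # mode7-disabled
```

On a live host the same functions take `ntp_version_vulnerable "$(ntpd --version 2>&1)"` and `ntp_conf_mode7_exposure < /etc/ntp.conf`. A `default-noquery` result still leaves any more specific `restrict` lines without `noquery` open to ntpdc queries, so read those by hand.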

Evidence notes

This debrief is based only on the supplied CVE/NVD corpus. The CVE description explicitly identifies the vulnerable version ranges and the ntpdc relist recursion causing stack exhaustion. The NVD record classifies the weakness as CWE-400 and provides the CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The CVE record was published on 2017-01-30 and last modified on 2026-05-13; those dates are used here only as record timing context, not as the time of exploitation or patching.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-01-30; the record was last modified on 2026-05-13.