PatchSiren cyber security CVE debrief
CVE-2016-7426 Ntp CVE debrief
CVE-2016-7426 is a denial-of-service issue in NTP versions before 4.2.8p9. When rate limiting for all associations is enabled, an attacker can send responses with a spoofed source address in a way that causes NTP to rate limit replies from configured sources, potentially preventing those sources from responding. The practical impact is loss of time synchronization service, which can disrupt systems that depend on accurate NTP responses.
- Vendor
- Ntp
- Product
- CVE-2016-7426
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-13
- Advisory updated
- 2026-05-13
Who should care
NTP administrators and operators, especially those running vulnerable NTP releases with rate limiting enabled for all associations. Organizations that depend on those systems for time synchronization should also care, since failed NTP responses can affect authentication, logging, scheduling, and other time-sensitive services.
Technical summary
According to the NVD description, NTP before 4.2.8p9 can incorrectly rate limit responses received from configured sources when rate limiting for all associations is enabled. A remote attacker can abuse spoofed source addresses to trigger that behavior and prevent responses from the sources. NVD assigns CWE-400 and a CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting a network-reachable availability impact without evidence of confidentiality or integrity compromise.
Defensive priority
High. This is a remotely reachable availability issue in time synchronization infrastructure, which can have broad operational impact even without code execution.
Recommended defensive actions
- Upgrade NTP to 4.2.8p9 or a vendor-supplied fixed release.
- Apply vendor guidance from the NTP project and downstream advisories before re-enabling or changing rate-limiting settings.
- Review whether 'rate limiting for all associations' is enabled in your environment and confirm that your configuration matches vendor recommendations.
- Monitor NTP service health and time-synchronization status after remediation to ensure configured sources are responding normally.
- If you rely on packaged or appliance-provided NTP, follow the applicable vendor advisory and update path rather than assuming the upstream version number alone is sufficient.
Evidence notes
The CVE description states that NTP before 4.2.8p9 is affected and that spoofed source addresses can cause denial of service by preventing responses from configured sources when rate limiting for all associations is enabled. NVD lists CWE-400 and documents multiple vendor and third-party advisories, including the NTP project bug/advisory pages and downstream advisories from Red Hat, FreeBSD, Ubuntu, and CERT.
Official resources
-
CVE-2016-7426 CVE record
CVE.org
-
CVE-2016-7426 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Mitigation, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Publicly disclosed in the CVE/NVD record on 2017-01-13. The record was later modified on 2026-05-13; that modification date is not the original disclosure date.