PatchSiren cyber security CVE debrief
CVE-2016-7434 Ntp CVE debrief
CVE-2016-7434 is a remotely reachable availability flaw in NTP. A crafted mrulist query can trigger a crash in read_mru_list, allowing an attacker to cause denial of service in affected deployments. The issue was publicly disclosed on 2017-01-13, and the vendor references point to fixes in NTP 4.2.8p9 and later.
- Vendor
- Ntp
- Product
- CVE-2016-7434
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-13
- Advisory updated
- 2026-05-13
Who should care
Administrators and security teams running NTP daemons should care most, especially if the service is exposed to untrusted networks or used in infrastructure where time availability is critical. Downstream products and appliances that bundle affected NTP builds should also be reviewed.
Technical summary
According to the NVD description, the read_mru_list function in NTP before 4.2.8p9 can be crashed by a remote attacker using a crafted mrulist query. NVD classifies the weakness as CWE-20 and rates the impact as availability-only with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. NVD also lists affected NTP and vendor-specific HP-UX NTP CPE ranges, indicating the issue extends beyond a single upstream build line.
Defensive priority
High. The flaw is network-reachable, requires no privileges or user interaction, and can directly take down time service processes. Systems that rely on NTP for operational timing or coordination should be prioritized for patching.
Recommended defensive actions
- Upgrade NTP to 4.2.8p9 or a vendor-fixed build.
- Verify whether any downstream package, appliance, or HP-UX NTP build maps to the affected CPE ranges listed by NVD.
- If immediate upgrading is not possible, restrict access to NTP control/query interfaces to trusted networks only.
- Monitor NTP service stability and restart behavior after remediation to confirm the crash condition is no longer present.
- Track vendor advisories and release notes referenced in the official NTP support pages for platform-specific fixes.
Evidence notes
The NVD record states that read_mru_list in NTP before 4.2.8p9 allows remote attackers to cause a denial of service via a crafted mrulist query. The NVD metadata also lists vendor and third-party references, including the NTP release and security notice pages, supporting the remediation guidance. Published date used for timing context is 2017-01-13; later metadata modification on 2026-05-13 does not change the original disclosure timing.
Official resources
-
CVE-2016-7434 CVE record
CVE.org
-
CVE-2016-7434 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Mitigation, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Publicly disclosed on 2017-01-13. Use the published date for chronology; the 2026-05-13 modified timestamp reflects later metadata updates, not the original issue date.