These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-7433 affects NTP versions before 4.2.8p9. The issue is described as an error in the initial synchronization calculations, specifically a root distance calculation that did not include peer dispersion. NVD rates the impact as medium severity with a low availability effect and no confidentiality or integrity impact in the published CVSS vector. The safest response is to upgrade to a fixed NTP relea [truncated]
CVE-2016-7431 is a medium-severity NTP flaw affecting versions before 4.2.8p9. According to the NVD record, a remote attacker could bypass the origin timestamp protection mechanism by using an origin timestamp of zero. The record also notes that this issue exists as a regression related to CVE-2015-8138. The practical security impact is limited to integrity, but it is reachable over the network without pr [truncated]
This NTP flaw lets a remote attacker bypass origin timestamp validation by sending a packet with the origin timestamp set to zero. The supplied NVD record rates the issue as medium severity with limited integrity impact, but because it is network-reachable and requires no privileges or user interaction, exposed ntpd deployments should be reviewed and patched.
CVE-2015-7979 is a network-reachable denial-of-service issue in NTP broadcast-client handling. According to the NVD record, a remote attacker can send broadcast packets with invalid authentication and trigger client-server association tear down, disrupting time synchronization service without impacting confidentiality or integrity.
CVE-2016-2519 is a remote denial-of-service issue in ntpd. A large request data value can make ctl_getitem return NULL, and the daemon may abort instead of handling the input safely. NVD rates the issue 5.9 (medium), with network access required but no privileges or user interaction.
CVE-2016-2517 is a denial-of-service vulnerability in NTP daemon configurations affected by the regression noted in the advisory trail. A remote attacker who already knows the controlkey or requestkey can send a crafted packet to ntpd and alter trustedkey, controlkey, or requestkey values, which can block subsequent authentication. The issue was published on 2017-01-30 and is described as a regression rel [truncated]
CVE-2016-2516 is a denial-of-service issue in NTP’s ntpd daemon. On affected releases, if mode7 is enabled, a remote attacker can cause ntpd to abort by using the same IP address multiple times in an unconfig directive. The issue was published by NVD on 2017-01-30 and later marked modified on 2026-05-13.
CVE-2015-8158 affects NTP's ntpq utility and can let a remote attacker cause a denial of service by sending crafted packets with incorrect values that drive getresponse into an infinite loop. The CVE description identifies affected releases as NTP versions before 4.2.8p9 and 4.3.x before 4.3.90. The supplied NVD record rates the issue as medium severity and indicates availability impact only.
CVE-2015-8140 describes a weakness in NTP’s ntpq protocol that can enable replay attacks if an attacker can observe network traffic. The issue is rated medium severity in NVD, with no privileges or user interaction required, but with high attack complexity and limited integrity/availability impact.
CVE-2015-8139 affects ntpq in NTP and allows a remote attacker to obtain origin timestamps and then impersonate peers through unspecified vectors. NVD rates the issue medium severity, with network access required but no privileges or user interaction, and the reported impact is integrity-related. Update affected NTP deployments to a fixed release and follow vendor package advisories for your platform.
CVE-2015-7978 is a high-severity availability issue in NTP. A remote attacker can use the ntpdc relist command to trigger recursive traversal of the restriction list, which can exhaust the stack and crash the service. The impact is denial of service rather than data compromise.
CVE-2015-7976 affects NTP’s ntpq saveconfig command, where special characters in a crafted filename were not properly filtered. The result is an integrity-impacting issue in affected NTP releases, with remediation guidance available from the vendor and downstream advisories. Because exploitation requires network access and low privileges, it is important to patch, but the supplied data does not indicate a [truncated]
CVE-2015-7975 is a denial-of-service vulnerability in NTP's nextvar function. The issue was publicly recorded by NVD on 2017-01-30 and applies to NTP versions before 4.2.8p6 and 4.3.x before 4.3.90. The defect is an input-length validation problem that can trigger an application crash, so the main operational risk is service disruption rather than data exposure.
CVE-2016-1551 describes a trust-confusion issue in ntpd and NTPsec where the software relies on the underlying operating system to block packets that impersonate reference clocks. According to the NVD description, reference clocks are handled like other peers and stored in the same structure, so a packet with a source IP matching a reference clock can be matched to that peer record and treated as trusted. [truncated]
CVE-2016-9311 describes a denial-of-service issue in ntpd that can trigger a NULL pointer dereference and crash when the trap service is enabled. NVD rates it Medium severity (CVSS 5.9), and the vendor references point to a fix in NTP 4.2.8p9 and related advisories.
CVE-2016-9310 affects ntpd control mode (mode 6) handling in NTP before 4.2.8p9. According to the CVE description, a remote attacker could send a crafted control mode packet to set or unset traps. The supplied NVD data rates the issue as CVSS 3.0 6.5 MEDIUM, with network access required but no privileges or user interaction.
CVE-2016-7434 is a remotely reachable availability flaw in NTP. A crafted mrulist query can trigger a crash in read_mru_list, allowing an attacker to cause denial of service in affected deployments. The issue was publicly disclosed on 2017-01-13, and the vendor references point to fixes in NTP 4.2.8p9 and later.
CVE-2016-7429 is a low-severity NTP vulnerability that can disrupt communication with a time source. According to the CVE record, versions before 4.2.8p9 may change peer state based on the interface that receives a response, which can allow a remote attacker to interfere with synchronization by sending a response to the wrong interface.
CVE-2016-7428 is a denial-of-service issue in ntpd affecting NTP versions before 4.2.8p9. The flaw can cause broadcast mode packets to be rejected when the poll interval field is involved, so systems that rely on NTP broadcast synchronization should prioritize the fixed release.
CVE-2016-7427 is a medium-severity availability issue in ntpd's broadcast mode replay-prevention logic. According to the NVD description, a crafted broadcast mode packet can cause remote attackers to trigger a denial of service by making the daemon reject broadcast mode packets. The vulnerable versions identified in the source corpus are NTP 4.2.8p6, 4.2.8p7, and 4.2.8p8, with 4.2.8p9 referenced in the ve [truncated]
CVE-2016-7426 is a denial-of-service issue in NTP versions before 4.2.8p9. When rate limiting for all associations is enabled, an attacker can send responses with a spoofed source address in a way that causes NTP to rate limit replies from configured sources, potentially preventing those sources from responding. The practical impact is loss of time synchronization service, which can disrupt systems that d [truncated]